tv Washington This Week CSPAN June 15, 2013 10:00am-2:01pm EDT
helped write portion of it, and talk about section 215 others and will explain what those sections are. and then laura donahue from georgetown university will talk about the role of the fisa court and she will tell you how work, who composite, etc. appeared all of these segments, your call, plus we were take a look at the news segments as well. thank you for joining us. have a good day. ♪
alexander keith testifies on u.s. cyber security policy and government surveillance programs. then robert mueller also testifies on the nsa information sharing program called parent -- prison. she was born in trials and in 1898. her was a slave. she started her teaching career in 1916 in a rural school on john's island off the coast of charleston. her career in urban schools in south carolina, spent most of her teaching career in south carolina. when they prevented state employees from belonging to subversive organizations like
the in aa cp she lost her job naacp she lost her job. she started a program to be used during the civil rights movement. -- septima clarke clark this weekend. >> keith alexander testifies on this agency's data correction and surveillance programs that have been in the news recently. he is joined by other officials from the f dei and homeland security agency. from the senate appropriations committee this is 2.5 hours.
we need to make sure the american people know what we are spending our money for and to make sure that we make wide use of taxpayer dollars so that there are no -- we hope to make sure we know how to to help the private sector were and to protect real-time information and helping the private sector to the secure technologies we need. we need to prevent hackers and criminals from stealing cyber identities, cyber espionage, cyber sabotage against online commerce or our critical infrastructure. i have two goals for this hearing. first, protect the american
people from cyber threat while working together across the government to protect .com and .gov. second, how agencies will use cyber in the budget. the administration is requesting $13 billion for fiscal year 2014. the government is good at spending money, that we need to make sure we spend money well. failures and inefficiencies in government i.t. programs we do not want to happen as he moved forward in the cyber domain. walking across the subcommittees and making sure as we look at this, the questions that we have are we developing the right technologies to protect ourselves?
are we investing in the workforce we need? how do we protect civil liberties? i'm proud of my subcommittee chairs. i want to acknowledge the work of senator durbin and another on defense. i want to acknowledge the work of a ranking member. for me, we will have the fbi and the great vice chairman, senator chubby. this is a committee that is loaded with talent in this area and comes with enormous expertise from authorizing committee. a staunch protector of our liberties. senator feinstein on the committee.
we have the former chair of the homeland security committee. senator collins. rarely has a committee had so much talent coming together from appropriations and optimizers. i hope our country has a sense of urgency. we are already under attack. we are in a cyber war every day. every time someone steals identity or trade secrets, we are at war. we see the growing next this between cyber criminals hacking our networks. director mueller of the fbi says cyber crime will surpass terrorism as the number one
threat to america. secretary hagel and general dempsey continued to warn us against cyber as an insidious threat. these are such critical concerns that president obama in his recent meeting with the chinese president raised cybersecurity as one of our great international tensions between both countries. last year, we tried to put aside we worked on a bipartisan basis. but it didn't happen. but just because authorizing has not happened does not mean that nothing will happen. in february, the president signed his objective order and it protects critical
infrastructure provides critical infrastructure and cyber risk and -- into the federal service. today we will do something different. i bring to your attention the president's fiscal 2014 budget on the areas of cyber security. this would be the first time in one place we can look across all of the areas to make sure we know what the request is and the effects necessary to protect our country. it is significant. it is a public document that we have in one place, a one-stop shop. the president of the united states in his budget message to
congress has asked for $13 billion in order to execute the cyber security strategy across the agencies of the federal government. the purpose of this hearing today is to look at the cybersecurity threat. not every program from the department of homeland or the department of justice. it is focused on cybersecurity. this is a committee first. a senate first. no other committee has tried to hold a hearing across the different domains and agencies and to do it in an open and public way.
the expertise from the subcommittee chairs and authorizing is wonderful. we know we will be able to do it. the president has asked for $13 billion. $1.3 billion in homeland security. today we will hear from governments lead people in this. general alexander, the director of the national security agency. dr. gallagher, and richard feeley, the fbi assistant director in charge of criminal cyber and response.
i also want to acknowledge the and the last several days, many intelligence issues have been in the press. i understand that these are issues that are very much on the public's mind, and the members of the senate. last week, this topic of our surveillance program came out. a former chair of the intelligence committee, well- versed on the topic, that we would have a full committee hearing on that to kill her program. that is not today. that is for another day. i understand that our colleagues, senator feinstein, the chair of the intelligence committee, has scheduled a briefing for all senators tomorrow.
this is the second hearing that senator feinstein has opened area did -- opened. if senator shelby continues to brecht and that this committee hold a hearing on this matter, i will be happy to comply, and i've led to that -- i pledge to that. we certainly will. today's hearing will focus on cyber threats protecting the american people, printing -- protecting the taxpayer. i would hope today we will focus on this it important issue. this is a committee hearing. it will not be the last one on this topic. i now want to turn to my ranking
member, senator shelby, who has been active in this matter. >> thank you. as you pointed out, this is a very important hearing on a topic that demand significant congressional involvement. the cyber threat, as with -- as we all know, is increasing, as our adversary become more bold. we have seen stark reminders of this threat of constant cyber threats on the financial sector, the chinese hackers of the new york times, and reports that information on our most advanced weapons system were stolen by the chinese. earlier this year, a company publicly reported that chinese attackers are running cyber espionage campaigns with the likely support of the chinese
government. all recently, the same company expose iranian hacking in the u.s.. these of elements remind us of how urgently we need a coordinated effort to counter and to respond to these things. madam chair, this committee may be the only one with jurisdiction over the couple met of gore -- organizations involved with cybersecurity. it is appropriate we take a lead role in the oversight of this effort in working with others. i would like to hear how each of you today perceive the threat, and about your continuing efforts to protect critical infrastructure against attacks, and to address the cyber threat outside of the recently issued executive order. cybersecurity is an immediate priority, but the framework envisioned in the executive order will take time to develop,
and even longer to implement. there are still areas that need more attention, and may require legislation. such is the information sharing. additionally, the working relationship between the government and the private sector's are still a work in progress. on the requirements remain unclear, clearly a lot needs to be done. i look forward to dave for -- i live for today for hearing from our panel. to strengthen our infrastructure across the board. thank you. >> thank you. we will turn to our witness panel, and then we will go with questions him a starting with senator shelby. i would like to suggest that
general alexander go first, followed by mr. beers. the microphone is yours. >> thank you very much. i think what you and senator shelby have pointed out with respect to cyberspace is absolutely important for us to discuss. the threats that we face today continue to grow. it takes for the government a team to work. before i go any further, i want to point out that the team is here. it is great to be a part of that team. no one government department arranges he can do it sell. 4s is going to take a a partnership between homeland security, the fbi, and -- for us to work together. when i look at what is going on in cyberspace, and the capabilities that are growing, this is an incredible opportunity for us as a nation around the world to -- for us as a nation and around the world. the ability for education, this
is a tremendous time. when we look at what we can do with this with respect to medical care in the future, it is a fright -- bright future for us. it is complicated by the fact that cyber espionage, and the threats that senator shelby talked about. i do want to hit on that. you mentioned the evolution of this threat. when you look at the threat as it is gone, some of the things the fbi and we see in the department of home security, a series of expectations into our networks. the issue is how do you fix that? that issue is complicated by the fact that it is not only
expectations that are going on, but we are seeing a district of attacks against our nation's infrastructure. we as a nation need to step forward and say how we going to work this? the government team that is here today cannot do it without support from industry. we have to have some way of working with industry. they own and operate the book of our nations infrastructure. we have to do in a transport -- transparent way, and a legal way. we appreciate the efforts of
many on this panel for what you down -- what you have done to move the legislation along great we do need a way to work with industry. first, we have to create a defensible architecture. both the intelligence community and the defense department are moving forward on what we call the cloud architecture. a joint intelligence environment for the defense department, and the intel communities i.t. environments. the same thing for both communities, moving forward to what is a more defensible architect. we need to move it. that is the first thing. the second, we need to be able to see what is going on in cyberspace so that we can work with industry. and amongst ourselves. getting information after an attack only allows us to police
it up. we have to have some way of stopping it while it is going on. we need to be able to see it. we have to have a constant for operating in cyberspace, not just inside the defense department, but amongst all three of us. we offer role in this. we all play vital roles. from the department of homeland security's role with commercial industry, to the fbi's law- enforcement investigative things, to the defense department's responsibility to defend the nation. get have to bring this together. then reach out and say, how is that going to work with industry? how can we share information that is vital to our common defense? we have to do that. we need trained and ready forces.
i think that is one of the most important rings that congress expects of may. -- expects of me. to create trained and ready forces that are trained to a higher standard. both on the defense, and on the. those capabilities that our nation needs, that are trained to that standard, then a how to operate lawfully, to protect american civil liberties from privacy, and to protect this nation in cyberspace. we have to be able to do all three. we
have to have the capacity to act would authorize. the rules of engagement and the other authorities. we are working those. from my perspective, the minimum and of cyber command and nsa, we have tremendous technical talent. we really do. these are great people. our nation has invested a lot in these people. they do this lawfully, they take compliance oversight, protect civil liberties and privacy, and the security of this nation to heart. every day. i could not be more proud of the men and women of the nsa and cyber command. what we now need to do is take next up and moving that forward. that is all i have at this time.
i will defer now to my colleagues. >> thank you. chairwoman, ranking member, we all welcome this opportunity to appear before you. as you said, this is a unique opportunity to talk about the range of cyber security activities across the government, and we welcome that. as most of you know, cybersecurity is one of the five major missions of the department of homeland security, and one that we take very seriously. the threats that we face are very -- buried, and serious. in that regard, our mission focus is into a primary area. they are to protect the federal civilian networks, and to work with the private sector to protect america's critical
infrastructure. in that regard, and as the chairwoman mentioned, the president's policy initiatives for the year ahead are to secure federal networks to protect medical infrastructure, to engage internationally and shape the future. with respect to the first, this is one of the major areas that dhs is responsible for. we are investing about $600 million in protecting federal networks through our intrusion protection assistance, and through our contingents -- continuance diagnostics. we are also working heavily with america's critical infrastructure both private and public. we are working under the executive order, with our partners in this to create the
cybersecurity framework, and this is as you know an important initiative on our part. executive order, as you know, is the administration's effort after an attempt to get legislation last year, that isn't to say that we aren't interested in getting that legislation. that is having that we want to talk about. in addition to that, we are working through incident response, working with our partners in the fbi, and with the national security agency, and this is a call to one, call to all initiative in which we work together both in our headquarters, and operation centers. in terms of sharing information, where we were together in the field in the deployment of teams to go to particular sites of particular incidents in order to
determine what happened, and provide information to other parts of the private sector that will help them prevent the same kind of incidents. we are also involved in the international area, which individual countries and partners around the world. also, we -- with the european union as well. while it is a small program, it is a very important program. we have a lot of key partners that we work with. that is just in terms of the engagement in terms of face to face. in terms of the information sharing, our whole incident response structure, the nationals up -- cybersecurity communications integration center. it shares information internationally with other computer emergency readiness teams around the world. in order to do with them what we do for ourselves nationally. in order to protect cyberspace
around the world. finally, we work in terms of our research and development and other activities to try to shape the future. this is an important effort that is ongoing. one in which, as general alexander said, we could not do if we were doing it individually in dhs. it takes all this year to make this work. i want to thank you for the opportunity to speak with you today. and to talk about dhs programs. thank you. >> good afternoon. it is a difficult to overstate the potential impact cybersecurity -- cyber threats posed our economy, our national security, and infrastructure on which our country relies. as why the fbi, along with our key partners at the table here, are strengthening our cyber
capabilities in the same way we enhanced our intelligence and national security capabilities in the wake of 911 -- 9-11. i echo both of these gentlemen's comments this is a whole government approach when it comes to addressing this issue. in the last year, within the fbi, we had undergone a paradigm shift in how we conduct the cyber operations. while we previously watch and collect information and added to our understanding of the adversaries intentions, we do not we take action by seeking to disrupt them as in my in a counterterrorism base. we are now working with our partners successfully disrupting an impact in the individuals behind the would've made it their mission to attack, steel, spy, and commit terrorist acts against our nation and citizens.
instead of watching foreign countries steal our intellectual property, we are going out to companies and tried to prevent it. for example, working with dhs, we now routinely provide private industry and von force the partners overseas with ip addresses that are responsible for launching attacks against our country. just last week, the fbi and microsoft, and the services industry, conducted cordon operations to successfully disrupting within 1000 bought -- cover my computers that have been infected with a virus. that is estimated to be responsible for more than half $1 billion in financial fraud. these actions are part of a larger u.s. -- the example fly how the fbi and our partners are using private- public partnerships to protect the public from cyber criminals. at the nci jps, which serves as the -- among 19 u.s. agencies,
the government is coordinating its efforts and an unprecedented level. this coordination involves senior personnel at the agencies. while it is led by the fdi, it is -- we must recognize that to work together, we have to make sure that we keep pace and surpass the part -- capabilities of our cyber adversaries. the leaders of the fbi, dhs, and nsa met last fall and clarify the lanes and roads of cyber jurisdiction. i believe that the collective of
the worker levels is that there is now an unprecedented level of operation not seen since the immediate post-9/11 era. in addition to strengthening our partnerships and government, we have significantly enhanced our cooperation with the private sector. as part of that, we have begun the process of the briefings, and other information in terms to help dispel intruders. notice i guarding, it is based on the successful guardian terrorist threats system developed after 9/11. we are also developing an automated malware analysis tool to which von forstmann and industry partners to submit samples of malware for triage and analysis.
we expect an unclassified version of the system to be piloted for the private sector this fall. while we have been primarily focused on cyber intrusions, as we see as the greatest cyber threats or national security, we are working with our state and law-enforcement partners to identify and address gaps in the investigation and prosecution of internet fraud and crimes. the fbi and secret service should not bear all responsibility for this. we believe that there is a huge space for partners to join us in this fight. to address these gaps, we have developed a pilot program in cooperation with international chiefs of police, and other law enforcement organizations to enhance the internet fraud targeting packages that the fbi complaint center, -- revised to state and local law-enforcement for prosecution. i think for the opportunity to be here today.
i look for to answering questions. >> dr. gallagher. >> members of the committee, it is a pleasure to be here today. to join my colleagues and talk to about cybersecurity. since i am batting cleanup, i would touch on two topics. the all of government approach. good teamwork is based on playing your position. in this position, it is based on our mission. we are a measurement of science and standards organization. our role is to support industry. the owners operation or's, they respond to the information that they get from our television -- our intelligence committee, and from home and security. this is a top priority for this. our budget is a $24 million increase. this is on top of our total investment of $68 million. this funding enables our r&d
performance, and critical areas, including the national initiative for cybersecurity, the national strategy for trusted identities in cyberspace, and a moment haitian of executive order 13636. secondly, i like to give you a quick update on the executive order. as most of you know under the order, -- that supports the performance goals established by the department of common security. for this to be successful, two major elements have to be a part of the approach. first, the partnership between the agencies. as occurring. we memorialize this with the understanding between dhs and my colleagues here. the cybersecurity framework must be developed for a process that
is industry led, open, and transparent to all the stakeholders. we end up with an output that is technically robust, because it draws on their expertise, and a line with business interest and practices. this is not a new or novel approach for this. we have utilized a similar approach in the recent past to address cloud computing and smart grid. i appreciate the challenge before us. the executive order is very oppressive. it is to be developed within one year read the first draft is due 120 days. we have issued support this effort, and gather input from
industry and other stakeholders. we have held the first two of four planned workshops. we will use these to finalize and develop the framework because it is this type of approach that allows us to have the appropriate levels of cooperation with the industry. in may release the initial findings. that release marks the transition from gathering facts to actually building the framework. at a monthly will have an initial draft draft of the framework, including an initial list of stand my -- standards and practices. we will work with our agency partners to finalize the framework. even after the framework is done, the work is really only just beginning. adoption and use of a framework as going to raise new issues to address.
the goal at the end of this is to have industry adopt the framework themselves. so it becomes an ongoing process that enhances cybersecurity. the present -- the president advocate order lays out an ambitious agenda. it is designed around an active collaboration between the and private sectors. i hollered we believe that partnership is the essential ingredient for its success. the cybersecurity challenge in the.gov and.com domain is better than -- greater than has ever been. it is the only way we can leave this challenge. leveraging both roles responsibilities and capabilities, and we have a lot of work. i look for to working with this committee to make it happen. thank you. >> thank you very much to all four witnesses. we will function today is follow the five-minute rule rule. we will go with order of arrival. we also know that this hearing does not preclude the subcommittees from continuing their own hearings for this, to probe more deeply am a and after we have concluded our questioning, we will understand
that there will be certain aspects to drill down, we will also have an additional classified for him this afternoon in the classified section. now we will, not precluding further hearings. >> to all, just to reiterate the budget, the president has requested nine $.2 billion -- $9.2 billion. for all of justice, including the fci, $589 million. $215 million for commerce, primarily in this. department of state, nerdy $7 million.
when one hears $13 billion, that is a lot of money. however, we are in an endearing war where our citizens are under attack from identity theft to state secrets, business secrets, etc. our question today is $13 billion added in the various areas, and when we spend the $13 billion, will we also avoid the kind of things where sometimes we throw money at a new problem, sometimes we have technical boondoggles. we've seen in the past. this is what we are doing. let's go right to the president's request. as i understand, from the administration's priorities, the ministrations priorities, if you look at the budget, the federal networks.
lead by example, and make sure our networks are safe and secure. protect critical infrastructure, engage internationally. shape the future. general alexander, you will be getting, if we pass this budget, $9 billion. i understand that $3.5 billion will be to protect the dod network. we understand that. what will you use the other $5.8 billion to do? how will we get security for that dollar? >> thank you. it is a lot of money. i can tell you that from our perspective, what we're talking about is not just protecting protecting our networks, but developing the forces that we need to. part of that money goes to
training and outfitting the teams of cyber command. part of that ghost the information in fixing the networks you hit on. when i look at this, from my perspective, i believe this is right. the right amount. i know that the ministration and the defense department has already looked internal to this budget to see where we can take cuts, and we did. we cut it back to what we thought was the minimum that we could use, and still do this job. you pointed out that for the defense department, our job is to protect the nation and our networks. that is where that five $.8 billion goes. it doesn't go to one. $2.1 billion goes to in sa for doing their job is part of the intel community budget.
the is rolled in there as well. 582 million dollars goes to u.s. cyber command. that is for five key areas. teams, setting up the teams, training, charting the military construction to have a place to house these teams for headquarters, and research and development. i think is the right number. i think we have looked at where we can take savings, and i've done that. i also think it is important to state that the department sees this as an area to help ensure the nation is ready as we look at the rest of our course of action. this going to be key -- key to our future. >> let me follow one question.
in your testimony, this goes to protecting critical infrastructure. this is a big we concentrated on when we were working on authorizing legislation under collins lieberman. in your testimony, you say, from a 0-10, you rated it at a three. a three to protect our grid. a three to protect our financial services. my question is the money that you are getting, and her stand homeland security is supposed to protect us against domestic threads, where do you come in, and where does, security common come in? is part of your money used to do the services to support them?
>> we do work together. our money is there an overlapping in this case. specifically, the defense department has to set several's and responsibilities here. one to build, operate, and defend the dod network prayed as the one responsibility. there is a big cost because because that is our forces globally. that is the biggest bulk of the money that is here. the for second part, to develop the second part is to develop the teams to defend the nation. we work with fbi in setting up the ops centers, and funding and supporting those centers, so we can communicate amongst us. dhs has that responsibility to work with industry to set the standards. fbi has the responsibility to the law enforcement and investigation. new -- we have responsibility for for the foreign intelligence, and to defend against an attack. what we are doing is developing
the capabilities and the teams. we're going to need legislation to do those operations. >> i could have follow-up questions. i'm going to turn to senator shelby. >> thank you. dr. gallagher, my first question is to you. could you explain since this is been tasked under the executive order, to reduce cyber risk, could you explain how the process works question mark how the development of a framework to reduce cyber security differs from the development of standards to review such risk? what you believe will compel private industry, which is important, the moment the framework that it has developed question mark and given the evolution of technology, thank you very much need, in cyber threats specifically, how useful is it of a broad-based generic framework long-term? will it be chasing its tail so to speak, or will you be able to
get ahead of the curve question mark i would be interested to share your thoughts here. how the framework and the standards will apply. , or could apply. >> thank you. i'm going to do my best. the idea behind the framework is very simply to get industry to develop a set of practices, standards, methodologies, what every would take the it implemented to sit -- to improve cyber security. we use the term to refer to whenever you would put into place that would result in enhanced cybersecurity performance. that will include a large measure of standards, and the idea behind the industry doing it, as a couple of motivations. first of all, it addresses the
capacity. the industry is the one developing i.t. technology and communication technology. therefore, they know where the technology is going. they can bring that skill and expertise into the process to develop the standards. secondly, these companies, this internet is a global infrastructure previous companies operate at a global scale. by embedding security performance into the products and services themselves, we can achieve it broader than our borders. it embeds in the market. it gives her companies the power to shape the technologies around the world. in terms of chasing her tail, i think in a time when this technology is moving so quickly, and when the threat is changing right in front of us, this is
going to be an ongoing challenge. i think that the bottleneck cannot be missed. we are simply not large enough to support this on our own. our role has to be viewed as, did we help industry come up with the vehicle so they could organize and be responsive question mark feeling way that technical capacity could be brought to bear. >> levitate on that if i could. -- i may pick up on that i could. the discussions of a broad framework, which presumably, i would think, means it will be generic in order to have broader applicability, to all medical infrastructure sectors. how well a generic framework address the inherent differences in our critical infrastructure, and the unique needs being protected against cyber attacks? if we are not addressing sector specific needs, how can we be sure that we are actually helping protect any of these industries from a cyber attack? how do you bring industry on board with those -- they have system secrets.
formulas, everything, to protect. the government would have to protect those, and should. how would that work? >> you are exactly right. i think that the challenge, the question you asked about industries capacity to come together and carry this out is the central question. how generic and sector specific this looks? the good news is that in spite of the long differences across sectors, looking at energy or act or culture, they are dependent on the core set of communications. one of the advantages they have two working together to set up common platforms is that they
can drive that performance into the market, and they can buy these computer services and i.t. equipment that better cost because they are helping to shape the entire market. that really gets to what you raised earlier. how to drive the adoption of this framework. the bottom-line is, doing good cybersecurity has to become the business. the end, this is going to be about alignment. these frameworks have to be compatible with profitable and well-run companies. that is really -- it may be turn up at the framework discussions are more about management than they are but technical controls. that is ok if it helps those achieve the level of performance were looking at. >> thank you. >> senator leahy. >> thank you madam chair.
i am -- i have a lot of concerns about section 215 of the patriot act. section 702, we have a number of comments and proposals in the judiciary committee to improve these provisions, but the intelligence community has told us that we obviously don't have the ability. and so it is not the changes. i am told they are critical to counterterrorism efforts. congress shouldn't tinker with it. we should sibley trust you to use them the right way. they shouldn't be made permanent. i do not think that his wife. i think there should be sunset provisions, and we should look at them and debate them in a free and open society.
we have information to declassify, and i'm not going into questions of whether he contradicted himself on a couple of answers. it appears in section 702, it was critical to disrupt the case in new york city. but it is not clear that it is pursuant to sexual 215 of the patriot act, reasonably critical or crucial. -- critical to the discovery of terrorist threats. >> i do not have those figures today. >> are they available? >> we are going to make those available. >> houston? >> over the next week.
it would be our intent to get those figures out. i talked to the intel committee on that yesterday. i think it is important -- not >> you talk to the intel community but you didn't have the figures yesterday? >> i gave an approximate number. it is dozens. terrorist events that have helped prevent. >> we collect millions and millions of records through 215. dozens have been approved crucial. is that right? >> both here and abroad. in disrupting or contributing to the disruption. >> they've been critical. >> that is correct. >> would you give me the specific cases you're talking about?
>> we will. we're going to the intel committee to do this. tomorrow, i will give as clear as we have connected resizing what we have done on each of those. the reason that i am wanting to get his exec lee right is that i the american people to know that we are being transparent. >> you're not giving it to the american people. you are giving it classified to specific number of congress. >> that is two parts. i think for this debate, what you are asking and perhaps i misunderstood this, you are asking what we could put out unclassified. the intent would be to do both. >> you can do that within a week? >> that is our intent. i am pushing for that. perhaps faster. we do want to get this right.
it has to be that it across the community so that what we give you, you know is accurate, and we have everybody here back and say this is exactly correct. >> section 702 was quite -- critical to the plot to bomb the new york city subway system. is that correct? likes non--- >> that is correct. not just critical, it was the one that developed the lead. i would say it was the one that allowed us to know it was happening. >> that is different in 215. >> that is different than section 215. i do think it is important that we get this right. i want the american people to know that we are trying to be transparent here.
to protect civil liberties and privacy but the security of this country. on the new york city one, it started with a 702 set of information based on operatives overseas. we saw connections into efforts a person in colorado pray that was passed to the fbi. the fbi determined that was, and phone numbers that went to that. the phone numbers were the things that allowed us to use the business records to going find connections from him to other players throughout the community specific in new york city. >> how was 215 critical? >> it is critical in cooperating, and in helping -- >> was a credible here? >> -- was 215 credible?
>> some on the business records were cooperating three i think it is important to understand that this is an issue that only part of the debate. i put on there also the boston we need to walk through that so that what we have on the business records, all we have on 702, what you debate, the fact that we can give you, how we to lead to the fbi. if we took that away, what we could not do, and is that something that women look at this from a securities perspective -- >> you could pass on the
permission to the boston authorities. they said they did not. my time is up. i mention this because we are going to be asked very specific questions. >> i want to make sure that we are clear on one point. when i say dozens. why i'm typing about is -- what i'm talking about it this authority comment each other to identify terrorist actions. the column at each other pray what you're asking me is to state unequivocally a or b current to be two. -- contributed. >> senator cochran. >> thank you. let me first ask general alexander, and jen -- in testimony that was received by
the armed services committee, was a discussion about how to provide incentives to talented i know it is hard to contemplate. what do you see as a first step in trying to get an inch or structure -- infrastructure organized appropriately to carry out these missions? >> thank you. i think the most important part of top to bottom is the training. coming up with a clear program, which we have done with the services and nsa, to develop a set of standards. the training in of itself helps -- great cyber force. we are standardizing that
training amongst the services, and between nsa and cyber command. raising the standards has a couple of benefits. the soldiers, marines, they get great training. it is something look forward to. the operations they do are significant. they feel good about what they are able to do for their country. it starts with training and building that kind of force. you mentioned incentives. adding incentives is going to play a key part in this. as incentive pay plays a key part, incentives for our cyber force is also going to play a key part. we had discussions with services about how to start that. we cannot have that in this this program you predict something we are looking at. >> there is also a question about whether or not the
department of defense has the resources to maintain a number of cyber tests across is services and agencies. again, in the training phase, there has to be exercises with conventional weapons, and other weapons systems. could you share with the committee what is your thought about cyber ranges so that you will have opportunity to one that certain areas we are putting a lot of effort into. i do think we need to bring the ranges together so we have a joint approach to this. one of the things that i would point out is the service academy. this gets into range issue when
service academies can compete against each other? when you think about that and a cyber range, what you want people to do is to practice their tactics techniques and procedures in a sterile environment so nothing bad happens. so they can learn. militaryeen in the side. we need to do the same here. those that have defended our ironies are going to do, and raise that. bringing the ranges together>> my staff and for me that last week emily received a notice -- our committee received a notice that half of personnel in the cyber threat center could be of load as a result
sequestration. that is a find. how do you find it welcome aboard -- has there been any intention given to what you want to do if somebody jumps up and says we have been sequestered? your fines have been sequestered? >> we have worked this across the defense department. the sequestration for all the military has been standardized across the departments. the nsa on intel side is not there. civilians will be sequestered. as an 11 day or one day week for the last last 11 days of the year.
that has a significant impact on us. i think that is a key issue, and has significant impact on our people. it goes right back to how do you hire good people, and then for load them -- furlough them? >> thank you. >> thank you for raising the sequester issue. it has been raised at the intel hearings when we mention the worldwide threat. we are precluded by the house from playing the in the bill. i think that the intel community, which is primarily dod, a civilian force, you need that flexibility. we look forward to working on ioth sides of the aisle to be would like to share with the committee, we're going to go to
durban, merkley, collins, tom udall, senator landrieu, senator feinstein. we will go right to you. then we will go to senator rosen, and then senator fryer. >> thanks to senator mikulski for bringing the cyber issue into sharp focus for the entire senate with their bipartisani was under the intelligence committee after 9/11. it was automatic investment in intelligence resources to keep us say. a dramatic investment in the personnel to execute the plan to keep us say. i trust, and i still do that we were hiring the very best. trusting them to not only give
us the best in terms of knowledge, but their loyalty to our country. aboutd like to ask you one of those employees. who is now in a hong kong hotel, and what we know about him as follows. he was a high school dropout. dropout. he had a ged degree. he was injured in training for the u.s. army. he had to leave. he did the job as a security guard for the nsa in maryland. shortly thereafter, he did the job for the cia in what is characterized as i.t. security in a piece that was published. at age 23 years old, he was stationed in an undercover manner overseas from the cia him and was given clearance and access to a wide array of classified documents. it -- at age 25 years old, he
went to work for a private contractor, and worked for booz allen, working for our government. i am trying to look at this resume and background, earning between -- i'm trying to look at the resume background for this individual that access to this highly classified information at such a young age, with a limited educational work experience, and ask you if you are troubled that he was given that kind of opportunity to be importanto information that was critical to the security of our nation. >> i do have concerns about that over the process. i have great concerns over that. the axis that he had, the process that we did. that is the bad to look at my
end -- that is something i have to look at from my end. lookedolute needs to be at three i would point out that in the i.t. arena, and the cyber arena, some of these folks have tremendous skills to operate networks read that was his job for the most part from the 2009-2010. he had great skills in that area. on rest of it, you have hit the head. we do have to go back and look at these processes, we oversight in those prayed we have -- we need oversight in those areas. >> 10 years ago i first introduce legislation known as the safe act, i bipartisan bill to reform the patriot act. it included chuck halal, john kerry, and barack obama.
my most significant concern with 215 was that it would be obtain sensitive personal information of innocent americans who have no connection to any suspected terrorism or spy activity. when the patriot act was re- upped in 2005, under this standard, the fbi would have broad authority to obtain any information, even tangentially connected to a suspected terrorist. 72 information could have led to 215 of record information on any suspect. innocentrovision, americans with no connection to any of these would be protected. the republican controlled senate approve my -- the bush administration objected. it was removed in the conference committee. in 2009 i tried again with no
success. beenhat the focus has lifted, the nsa obtained phone records of innocent americans with no connection to terrorism, the data includes the numbers of both parties to call us the locations, the time and duration of the calls. i have been briefed on these. i have -- i will not discuss their details here. it appears to me that the government could obtain the useful information we need to stay safe and still protect innocent americans. my question to you is this. section 215 can be used to obtain any tangible thing. that could include medical records, internet search records, text records, credit card records, -- last year the government filed to one of 15 --
215 quarters. there is an increase. this authority is being used for something more than phone records. let me ask you, do you think section 215, giving you authority to secure tangible things could include the category of things i just listed? >> we do not. i do not use those. i'm not aware of anything that does that. all we use this for today is the business records of pfizer -- fisa. as you know, this was developed -- and i agree with you, we have this concern coming out of 9/11 -- how we going to protect the nation? we didn't know where he was. we didn't have the data collected to know that he was a bad person. because he was in the united states, the way we treat it it, he is a u.s. person. we had no information on that. if we do not collect the ahead
of time, we couldn't make those connections. we did not have the data collected to know that he was a bad person. but the committees, by the justice department, by the court, by the administration. >> if you knew that is suspect may call in to area code -- the city of chicago it's certainly defies logic that you need to collect all of the telephone calls made in that area code on the chance that one of those persons might be on the other end of the foam. suspected contact, that to me is clear. i want you to go after that person. what i am concerned about is to
reach beyond that that affects innocent people. >> the agree at least on that part. the next step we need to talk about is what happens if you don't know he is in 312 yet? something happens and then now we say who was he talking to? let's take midar. midar was talking to the other four teams. under the business record fisa, we can take that number and go back and see who he was talking to. if we saw those other groups, we'd say this looks of interest and pass that to the fbi. we don't look at the identities of it. we only look at the connection. >> i went over time. you just gave an illustration we have specific information
about telephone contacts. what i quarrel with is collecting all the information in california on telephone records define a that specific case. that seems overly done. >> thank you. senator? togeneral alexander, i want talk about cyber command but senator durden has raised an interesting question. would this lead, the scenario he has laid out, to a telephone records search for all of omaha? walk us through that. >> the methodology would be let's put into a secure environment all detailedthese are two from records. we don't know anything that's in there.
we won't search that. unless we have some reasonable suspicion. if we see that, we have to prove we have that. given that, we can say who was the guy talking to an united states and why? >> you can search the breath of telephone records? >> all you are looking for on that is who did you talk to. the system gets respectfully was talking to. >> if you do not collected, how do you know who he was talking to? find outt give you any who he is talking to, you don't have the information. the issue is -- you bring it up because this came up ten years ago. how do we solve this problem? we want to protect civil liberties and privacy and protect the country.
the thought was a reasonable approach that we all agreed on was we'll put this in a way that we have tremendous oversight by the court. every time your people can go in, they have to have a reason to go in and look at the data. when they get something out, they have to look at it and say that this media reporting guideline? only a few reports a year go out on that> >> does this extend beyond telephone records? could you see what the person is googling> who that person is emailing? >> monthly identify person of interest, ghost the ei. the fbi will look at that and -- once we identify a person of interest, that goes to the fbi. >> so the answer is yes.
you could get a court order to do that? would that take a court order? >> it would. >> you've gotten into phone records, who they might be googling, who they might be emailing. what else do you feel you can get? >> i'm not sure if your question. >> you have this reasonable suspicion which is not even probable cause. >> wait, wait. let's just stop here a minute. we're not going to inhibit your
questions but i think we need to clarify the activity which your operating. you will be functioning also with the warring. myif i may, it's understanding you have the metadata and records of what appears on a
phone bill. if you want to go to the content, then you have to get a court order, the same thing you would do in a criminal case.
it would permit you to collect the content of
a call. you can ask if that's right or wrong. >> that's correct. >> i assume that. i'm not talking about content. i'm assuming at some point there would be a legal standard by which you could do that. what i am only getting to is you've identified that you can get phone contacts. i'm asking can you get google contacts? can you get email contacts? i'm not talking about reading the e-mail or seeing what they're saying back and forth. but i worry about is how far you believe this authority extends. i'm not asking about reading the email.
>> is a couple things i want to make sure we've got. fisa only talks about phone metadata. that's all that program talks about. any program that we have -- senator feinstein, if you want to get the content, you would have to get a court order. in any of these programs, we have court orders for doing that with oversight by congress, the courts and the administration. my concern is i think this is an area where we have to give both the details -- the american people need to understand it's a vacancy but we're doing so they can understand it and what the results are. we had this debate several times. tos is one where we need
bring out the rest of the story, show what we do, what it protects the country from, and have the debate. to do that, we have to give you the rest of that data. tomorrow we will put that in a classified session with the intent to get as much out in public so everybody has the information. the reason i hesitate here is i don't want to make a mistake that causes the statements i have for our country to lose some form of protection and we get hit with a terrorist attack because i made that mistake. >> i thank the chair for the additional time. the american public is fearful that in this massive data that you get, there is the ability the federal government to
synthesize the data and learn something more than maybe what was ever contemplated by the patriot act. the second thing is the more personal issue and gets into concerns about cyber command. you are and this unique role. we've always had this idea of separating civilian leadership of the military leadership yet you have this dual hat and it creates a concern. not about you because you've got a remarkable record and i thank you for your service but it is a concern and will we find you in.
and i just think we've got to get information to the public. we are all getting bombarded with questions he cannot answer. i am not the chair of the intelligence committee. i don't serve on the committee and the impression has been created that people parked in our office are given daily or monthly briefings on this and that is not the case. >> i think you had an excellent line of questions. we are going to move on from this question topics. what we are now moving into is a domain that is not the parameters of this hearing. this senator will not prohibit
any senators from asking any tomorrow in the feinstein hearing, many [indiscernible] i hope your questions will be as cogent as they are here today. >> thank you, madame chair. thank you, general. you referred to section 215. 215 requires for an application for production of any tangible thing. it says this application must have a staement of facts showing reasonable grounds that attend both things sought are relevant to an authorized investigation. so there are several standards
of law and that it's. a statement of fact, reasonable grounds, tangible things that are relevant to an authorized investigation. as it's been described in this conversation and in the press, the standard for collecting phone records on americans is now all phone records, all the time, all across america. how did we get from the reasonable grounds, relevant authorized investigations, statement of facts, to all phone records all the time, all locations? how do you make that transition and how has the standard of law been met? >> this is what we have to deal with the court. we go through the court process, a very deliberate process, where we meet all those
portions of the 215. we lay out what we're going to do. we don't get to look at the data. >> let me stop you there. these are requirements to acquire the data. here i have my verizon phone. my cell phone. what authorized investigation gave you the grounds for acquiring my cell phone data? >> i want to make sure i get this exactly right. on the legal standards and stuff on the part here, i think we need to get the department of justice and others. it is a complex area. you are asking a specific
question. i do not want to shirt that. i think we should walk through that with the intent of taking what you've asked and seeing if we can get it declassified so they can see exactly how we do it. i do think that should be answered. >> thank you. >> senator, i would like to help you out. you want to get it right. the answer should be in writing. that way you get it right and he gets his answer. >> we'll take that for the record. >> i asked that i get answered tomorrow. i would suggest both in writing, the hearing and into
his hands. >> i thank both chairs. if i can elaborate, is that okay? in between these two pieces, fisa is in competition -- gives an interpretation of the law. into what is governable. i have an amendment that said these findings of law that translates requirements in the law into what is permissible, needs to be declassified so we can have the debate. i believe what you just said is you want that information to be declassified, that explains how you get from these standards of law to the conduct that have been presented publicly. did i catch that right? you support the interpretations
of the fisa core to be set for the american people so they can have this take place? >> i think that makes sense. i want to make sure i put this exactly right. i don't want to jeopardize the security of americans by making a mistake and say yes, we're going to do all that. but the intent is to get the transparency there. senator, i will work hard to do that. if i can't do that, i will come back to you and tell you why. thefer to the chair of intel committee but i think that is reasonable to get this out. i don't have the legal background perhaps you have in this area.
i want this debate out there for a couple reasons. i think what we're doing to protect american citizens hear is the right thing. our agengy takes great pride in protecting this nation and our civil liberties and piracy. doing in partnership with this committee and congress and the courts, we have everybody there. we aren't trying to hide it. you're trying to protect america. we need your help help doing that. this is not something that is just nsa or the administration doing it on its own. this is what we expect our government to do for us. we have to put those two together. i just want to put that one caveat there. if i can make it happen, i will. ask thank you for your expression of support. i also want to thank chair feinstein who helped develop and sent a letter expressing this concern about this secrecy of the interpretations of the
court. i do think it's time that become understandable in public. otherwise how can a democracy do you have a debate if you don't know plain language means? i have concerns about the translation. i will continue this conversation and thank you. >> senator collins. >> thank you, madam chairman. i'm going to ask a question about computer security. before i do, i want to give general alexander a chance to answer a very good question that has to do with americans concerna about their own private computer security and privacy. i saw an interview in which mr. snowden claimed that due to his position at nsa, he could tap into virtually americans phone call or e-mails. true or false? >> false.
i know of no way to do that. >> perhaps that's one issue we could put to rest. now let me switch to computer security. >> oh, boy. >> in the president's budget, it is mentioned that the nation has four top cyber risks. the first one has been of great concern since we produced a bill last year that could not get past. that is a tax better aimed at our infrastructure. the general has alluded to the fact that much of our critical infrastructure is owned or operated by the private sector.
it's 85% in the private sector. our fbi witness has talked about the eye guardian program which encourages private industry partners to report cyber incidents to the government in real time. ar legislation last year had requirement of the owners and operators of critical infrastructure would be required to report major cybersecurity incidents. is the administration still support mandatory reporting in such cases?
>> that was our position then. that remains our position at this point in time. we are prepared to work with congress. you all ultimately write legislation that remains the administration's position. >> thank you. in that legislation, we did pay attention to the need for a more expert cyber workforce. this latest account that such a great job of going to the resume of this individual. it underscores how much work there is to be done in making sure that we have a well qualified cyber work force. i would like to hear from all four of you on whether you are recruiting individuals who have
the skills that you need so you can avoid having the hiring of a young high school dropout, community college dropout, did not complete his military service, young person with so little experience being given access to so much classified information. >> i would like to say first that in the military, we're going to hire young folks out high school to work in this area. the key will be the training we give them. ideally we would like to get four years of a top knowledge, top-notch engineering school for some of the military
positions but we won't get that's what we have is the responsibility to train them. it takes several years to get somebody trained in this area. in effect what we are running as a cyber college for many of our young enlisted folks. on the nsa site, we are able to hire more college graduates into the government side. what i need is greater scrutiny. what am i getting with my contract support, what other capabilities and how we manage that from a government perspective? that's something i have concerns about and have to address. >> we have a major initiative underway. we have defined our cyber workforce, we are matching the positions with the skill set
required to serve in those positions. ofare also in the process looking to hire another 600 individuals to augment that 1500 person workforce. we have a series of programs, one with community colleges where we are looking to find people who have taken the correct courses at any college level who can hire as beginning workforce members and train them up. we also have a work force program in conjunction with nsa that goes to college is to have centers for excellence that provide us with top-notch, four year graduates. and an effort to reach out to the private sector to find individuals there. i think we have an x workforce. but we have a provision that was in the building you work on
and that we would like to see in any cyber legislation that gives us some assistance in terms of recruiting and retaining that kind of a workforce which will allow us comparable pay and benefits to what nsa is able to offer to its workforce. >> thank you. and my time is expired. i will ask the other two witnesses to submit their answers for the record. >> i think you're absolutely right, senator collins. thank you for asking question. we going to turn now to senator udall. we keep hearing snowden had skills. reviewed it.
- maybe he did. but just because you're a champion summer does not mean we need to make you a navy seal. i will leave it at that. >> thank you. i think the entire panel for their service of his country during these difficult times. i would like to welcome dr. pat gallagher. although his career took him away from albuquerque, he is a native of new mexico and i want to recognize him for his leadership and his commitment to public service. heregood to have you today. american citizens, businesses, and government agencies face serious cyber threats. you've talked about some of these here today. personal data, trade secrets and national security secrets are at risk from an fusion by independent hackers and foreign governments. i supported cybersecurity
legislation in the senate and i support funding for our cybersecurity defense. the elephant in the room today is that many americans are also becoming more concerned about what their own government is doing with domestic surveillance. oft week, we learned widespread collection of american phone numbers under the patriot act and the massive scale of online surveillance through the prism system. i voted against the patriot act in 2001 and the fisa amendment act in 2008. i have also voted against the reauthorization since then. several of us attempted to add privacy protections to these laws but faced strong resistance is. today i am sending a bipartisan letter to the privacy and civil liberties oversight board,
asking them to make it a priority to investigate the phone records collection and the prism program to determine whether they are conducted within the statutory authority granted by congress and take the necessary precautions to protect the privacy and civil liberties of american citizens under the constitution. the board was created by congress based on a recommendation of the 9/11 commission but it has taken years to get a full membership and the chairman. i have been working to get this board operational since i was in the house. i believe it can provide an important check against civil liberties abuses. richard clark, who was the counterterrorism aide under three presidents, wrote an article recently on this and suggested we would not have the problems today if we stood up
the sport much more quickly. general alexander will the nsa cooperate with any investigation conducted by the privacy and civil liberties oversight board into the agency's collection and analysis programs? >> we well and i think my deputy met with the board briefed them. from my understanding, it went well. i do think what we are doing does protect american civil liberties and privacy. the issue is to date, we have not been able to explain it because it's classified. that issue is something we are
wrestling with. how do we explain this and still keep this nation secure? that's the issue we have in front of us. this was something debated vigorously in congress. both the house and the senate. when you look at this, this is not us doing something under the covers. this is what we are doing on behalf of all of us for the good of this country. now what we need to give his bring as many facts as we can to the american people. so i agree with you. but i want to make it clear. the perspective is we're trying to hide something because we something wrong. we are not not. we want to tell you what we're doing and say that it's right, the american people see this. i think that's important. but i don't want to jeopardize the security of our country or our allies.
so that's what we have to weigh in what we look at what we're going to declassify to allow this public debate. >> i appreciate your answer but it's difficult to have a transparent debate about secret programs approved by a secret court issuing secret court orders based on secret interpretations of the law. i know there are many other questions here. i will ask the ones in closed session woman get together later in the week. i have several other questions on cybersecurity but i see my time has expired so i will submit those for the record. thank you for your answers. i appreciate you meeting with the board and briefing them on what you're doing. i think they are a good counterbalance in terms of what's going on here. i hope to have the credibility to answer these questions also. thank you.
>> thank you. i want to respond to a tweet about me from rosie gray. she said, senator barbara is trying hard to keep the other senators from asking general vendor anymore about data mining programs. i want to say to rosie, there is no attempt here to muscle, stifle any senator from asking any line of question. we have an open hearing the purpose of the hearing is the enduring war of cybersecurity. we might be concerned about data mining we are also concerned about stealing the cyber fraud going on against senior citizens, identity theft,. so we're here in cyber but any
senator can ask any question at this hearing that they want to. it's an open hearing, high, look forward to keeping in touch. [laughter] >> i want to send a message to rosie as well as a member of the other party. senator mikulski, chairman of this committee, has been extremely tolerant of our diversion from what the purpose of what this appropriations hearing was. this is the appropriations committee. our purpose is to determine what kind of financial resources are agencies need to address critical issues facing our
country. we have diverted thanks to the tolerance of the chair to critical question but one that is scheduled to be and will be thoroughly discussed with every member of congress and with the public to the extent that is. general, i appreciate your answer to the question. you're walking a very difficult tightrope here. there are demands that you release previously classified information to not just members of congress but to the general public. and if you don't do that, this frenzy of mischaracterization of these programs will continue in the public. so you're caught the train rock and a hard place. i regret that. i've been urging my colleagues before they draw a conclusion to go learn about the program
before they go public. an enormous effort has been made to respect the privacy and civil liberties of americans. and the hurdles you have to go through to get the most minimal information. as the public learns more, the public interprets that everything has been said over a phone is stored somewhere and you can go in and retrieve it and there can be abuse of that. you tried to clarify that a number at different times in terms of what you collect and what you don't collect. and how you have to go through a legal process to even begin to
ascertain information necessary to come to some conclusion about whether or not this country is about to be attacked by terrorist. given the fact that this issue has swept across the country and you're in a position where we have to disclose more about it to calm the public misperception of what it is, are there consequences? we have to look at both sides of this question. being transparent, addressing civil liberties and the importance of keeping some missions and activities in a classified manner so that those intending to do us harm don't learn about this and therefore make adjustments to bypass the very methods we have to
potentially prevent a serious attack against the united states. i would like to address that question. a little bit more about the consequences of our -- open this up for the whole world. that means people sitting in places where they are trying to determine how they can best attacked united dates. -- the united states. >> thank you for the question. that is my concern. great harm is artie been done harm has already been done by opening this up. and the consequence is our security is jeopardized. there is no doubt in my mind labeled those capabilities as a result of this. not only the united states but those allies we have helped
will no longer be as safe as they were two weeks ago. i am really concerned about that. i am also concerned that as we go forward, we now know some of this has been released. so what does it make sense to explain to the american people so they have confidence that their government is doing the right. i believe we are. and we have to show them that. you said is right. we have great people working under actually difficult conditions to ensure the security of this nation and protect our civil liberties and privacy. they do a great job. i like the american people to know that. they would be tremendously proud of the men and women of nsa could've done this for the last decade. it's a great story. the issue is we then have to debate how much we give out and what does that do to our future
security? that is the issue before us. there is water, broken glass and everything else on the floor. as a nation going forward, we have to say what can we do? that is where congress has to stand up. on behalf of the american people, some of these will be classified and should be. if we tell the terrorists every way we will track them, they will get through and americans will buy. that's wrong -- americans will die. that's wrong. i thought the great part about the program was we brought the congress, the administration, and the courts together. some of this is out there and it is right we have that debate.
what makes sense to put out there so people we know what we're doing is right, we should do that. apple be good for the country. there's other parts -- that will be good for the country. there are other parts where you need to say don't do that. that's where you and potentially the courts should come together and say now what do we do? >> thank you. i appreciate that statement. i think it should be made in the record of published across the nation. >> i would like to follow up by saying general vendor, i am so -- general alexander, i am so proud of you for being in charge of this. your demeanor during this whole process has proven to me that you are the right person for this job.
-- the four starsu.s. says attacks on50,000 networks every hour. 6 million a day. 140g the attackers are foreign spy organizations. this is what our men and women are up against. we are not in a scrimmage. we are in a war. it's a very serious issue and we are way behind the eight ball in terms of allocation of in balance this new war that we have never fought before under the constitution is
probably the best and most open in the world. i think they need a little space. secondly, i have every confidence to provide leadership. this is one of the best hearing i have ever participated in in almost 18 years. inave great confidence senator feinstein. i don't think there's anyone who would question her integrity on this this issue as head of our intelligence committee, trying to balance the civil liberties representing the state of california which probably has the strongest views on this than any state, and the military which has been engaged since the beginning of war but never one like this. i am very proud of our military and that you, general alexander. i hope more of this can be brought to light.
i want to say one other thing to you. your staff is terrific. they briefed me privately yesterday. when asked to describe the scope of security and challenge before us,somebody described like this -- the department of defense is the coke bottle cap. the federal, civilian government is like the coke bottle itself and the companies is the entire room the bottle is in. while all questions are being peppered to the top of this coke bottle, the room we are in is the battleground.
it takes huge resources and an unbelievable amount of commitment and compromise between the government and private sector. i want to ask the secretary of homeland, when the president issued his executive order on improving critical infrastructure cybersecurity, it requires not only you but commerce. treasury is not here. to come up with a report. the report is due today, 120 days from it. do you have the report? if you don't have it, when are you going to have it? and the top findings in the report. >> yes, the report has been done and sent to the omb.
i trust the commerce and treasury have sent in their own report on incentives. it will be subjected by omb to an inter agency process. the expectation is to release it to you for public comment. what we want out of this is to pull together. we had workshops last week. we had a meeting in pittsburgh to draw in the private sector to give us their ideas about incentives to have critical infrastructure adopt the cybersecurity framework. that report will cover such things as insurance is a possibility, i will cover such things as certification with liability protections. these are all ideas and a formative stage. i don't think it's appropriate
getting ready for the bill to pursue this topic. we covered a lot of topics today but we really count on you and homeland security area. >> thank you for holding this hearing and thank you to the witnesses for their service to our country. to be corrected, if any to be corrected, i would like to read my understanding of section 215. wasness records provision
created in 2001 and the patriot act for tangible things. hotel records, credit card statements, etc.. e-ngs that are not phone or mail communications. the fbi uses the authority as part of its terrorism investigations. the nsa only uses section 215 for phone call records, not for google searches or other things. collectstion 215, nsa phone records pursuant to a court record. it can only look at that data after a showing that there is a reasonable, suspicion that a involvedindividual is in terrorism actually related to al qaeda or iran. canhat point, the database
be searched but that search only provides metadata of those numbers of things that are in the phone bill. that person, so the vast majority of records in the database are never accessed. and are deleted after five years. to look at or use content of a call, a court warrant must be obtained. is that a fair description? >> that is accurate, senator. >> thank you very much. let me express my hope once again. you expressed some things to majority of records in the database are never accessed. and are deleted after five
years. to look at or use content of a call, a court warrant must be obtained. is that a fair description? >> that is accurate, senator. >> thank you very much. let me express my hope once again. you expressed some things to us yesterday. i think it's very important to show the cases where this is been used and has been effective and do that tomorrow as a classified briefing for all senators. though you do that? what he will bring those -- >> will you do that? >> we wil bring those and work with the agency so aggregate numbers can be released. >> that is appreciated. betty go to cyber. -- let me go to cyber. saxby chambliss with whom i work closely, we have been trying to forge a census information sharing bill. other senators and members of this committee. theof the main things is extent of liability protection, the importance of the domestic portal of entry for cyber attacks. i would like to ask
that you described what is meant by a civilian portal for senators assembled here today and also, the rationale. why this is important for privacy and other reasons. >> the reason of a portal see into the civilian infrastructure is of the nation knows somebody is not going directly to an intelligence or military thing with secret information but rather give it to dhs and it can be pushed to fbi and nsa cyber command because we all see the data at the same time. worst at the fbi and then at the i can shoot it to both of us. so you have a way doing this. i think that's critical. given the discussion we have on other parts, the american people know we are being
transparent. we don't look at the cyber infrastructure to know what is going to wall street as an example. wallere is an attack on street, i won't see it until afterwards. make of that as a missile coming up to wall street. people that do see it could tell us that there is no guarantee and there's no quick way of doing that. cyber legislation is needed for that. we need to share that information because all of us needed. our role would be to defend the country. if this is a nationstate trying to take on wall street, you want us to act. a thriving all that is needed >> let me go to another subject to a. of liability protection. liability about what protection standard should be in a bill.
there are two parts of it. one is for use of e-government countermeasure. the other is voluntary information sharing between two companies. feelnk many members companies won't share unless they have immunity from identity. could you comment on that? >> there are two different aspects as you stated them. one is how do you share with the government which action you take? here's where i think my personal thoughts on this are. if the government asks the company to do something to protect the networks or do something and a mistake is made and was our fault, then they should have liability protection for that. they should not stand up and be sued. but if they go company to company and a sharing data back and forth as they do today, i'm not sure the government needs to provide liability insurance that way. i think they're two different
things. this is something the administration, your folks, and we are to bring everybody together. i think we want to get it right. there are subtleties to adjust said. . and're different cases conditions upon when and how would act and what level of liability you would have. those are the ones we truly have to get exactly right. from my perspective, we can't wait-- grant everybody gets liability protection. there is something in the middle we have to get right. the my perspective is when government is asking to do something, which heavily as part of that liability protection. >> thank you. >> thank you all for being here. i have some questions about the
situation we are in. i would like to wait until we get into the classified. i think you said about as much as you can say in a setting like this or it -- like this. we're probably not talking about enough. this is a far-reaching program that has tremendous implications to the general public. having the military, you are a tremendous american. havingink the idea of military control, we have had those firewalls in the past. at some point, i would appreciate your contribution in
that. aboutnot talking about that. in regard to cybersecurity, what are the top countries paying us? who is involved in this? >> we do have an answer for that. that would be a more appropriate discussion in a classified setting. >> so it is not ok to say he was getting after us? thisdon't believe in setting based on the fact that our information and assessment is based on our classified work, i don't believe be overstepping a line. >> you -- you mentioned the fbi's connection with state and local law enforcement.
d phillips federal government is doing enough to aid -- do you feel the federal government is doing enough to aid when faced with a cyber attack? >> you mean stay in law local enforcement? the short answer to that is no but i'm happy to report we have a working plan moving foward. two months ago, we met with variuos associations are presenting police -- we met with various associations representing police and other organizations. going through a discussion of where law enforcement is with the cyber threat, we realize collectively that information is not slowing down to the state and local departments.
they do not have the capability or level of confidence to address it. we decided we needed to address that. we have worked a private plan out. the centerpiece is the internet crime complaint center really get thousands of complaints in a year from people who have been defrauded over the internet. most of the complaints do not meet federal prosecutors guidelines. it's not something a united states attorney's office would routinely prosecute. it is not something the -- either the fbi or sick at service would routinely investigate. routinely investigate. >> because the competence level is not where it should be, it is simply falling off. >> i could not hear your word.
i could not hear you. are you saying confidence or top tents -- competence? >> technical capability, competence. we are working out a pilot project where we are going to threatsthese types of and actually disseminate them straight to the major departments where they are located. at the same time, we're going to increase our outreach to state in local law enforcement and give them the tools and the training that they need to get them to that level of technical competence that they need. >> working with the fbi and a number of cases, as you indicated in the joint task force, we have a national computer forensics institute in alabama and we have trained over 1300 state and local law- enforcement, prosecutors, and
judges in order to be able to deal with this. what we are dealing with here is the competence or not the national security threats or the criminal fraud threat. it is the stealing of credit cards and other identifiable information and using it to take money out of banks around the world. you heard about the $46 million taken out including a large amount in this country. traininge kind of where we can give them the confidence and we can work with them. it's something that we and the fbi are trying to do very much. to outreach we have had various police associations and others as part of it. the main thing is to get the training to work together. a lot of this happens overseas and it's where we have to be involved to trace those
overseas. they do not really have the ability to do. it's a joint program and really quite successful. >> thank you, madam chair. i want to thank all of you for being here, particularly general alexander. thanks for your service to the country. i have been looking at the slide you have provided and it is very helpful. seven agencies are involved including the defense that every agency must do. according to my notes, after the wikileaks incident, a directive order told them to increase security and created committee. you have three years to improve the control of classified networks and information. it looks like we lost a bit of the problem that is internal, not external.
you tell me the president has requested $13 billion in cyber spending for fiscal 2014 and someone not even accountable to your chain of command or anyone else in your government is able to get his hands on a court order allowing for the collection of metadata from verizon. how on earth does this happen? wide as a contractor have access to information when we are spending $13 billion to keep outsiders from getting their hands on it? -- why does a contractor have accessed? >> in our networks, the system administrator, the i.t. infrastructure, it was order allowing for outsourced to push more of our work out to contractors. as a consequence, many in government, not just us, have system administrators who are
contractors working and running on networks. they don't have total visibility of the network, but they get key parts to it. in this case, the individual was an assistant administrator with access to key parts of the network. we have to address it. it is a serious concern to us and something we have to fix. >> from your perspective, do you anticipate a recommendation coming forward that this will be done in house instead of contractors? >> i'm not prepared to make that statement yet. i don't want to react because there are good contractors out there doing a good job. we have to look at the oversight mechanism that we have, the checks and balances in the system, the automated checks and balances that exist, and what we can do to improve it. as you may know, what the department is going through in the joint information department wouldn't -- would assist.
goign to the jie is a huge step in the right direction. it is things that we can and should do, but that will take time. i don't want to mislead you. it is one that i know i have personally talked to the secretary about. we are pushing this. it's the right way to go. i wish we could go back in time. nsa is doing the same. >> financial services. isost every night, someone trying to hack the system. do you have a mechanism by which you can follow up if a bank gave you an ip address that they think is doing the problem? affect the not -- if that's not the right question for you, you
can let me know. a almost assuredly if it's criminal or another, we may have people on the team. they would tip that over to us. we have made great accept -- strides in bringing it together. it would be fbi, dhs, and us. ipwe gave out 200,000 addresses to block when those distributed denial services are detected. some are overseas. we also send them to friendly governments. we do this on a regular basis as part of this tripartite team. >> of they come to you with an ip address they think is trying to hack the system, do you
follow-up? >> and exactly the same way. the three agencies that we represent a go provide some forensic assistance with respect to that particular incident. then we provide a larger mitigation message out to the rest of the community so that particular form of attack cannot be replicated. >> do you go back to the bank that has initiated this investigation and tell them what you have done? >> we do. when we put out the information, we do not necessarily indicate which bank was affected. we make it anonymous unless they want to make it public. >> when a bank comes up to me and said, we give them ip addresses and they do not follow-up, do you classify that as being baloney? >> i cannot be to each and every one of those incidents, but i'm telling you the proposal, the way we work as a team in order to try to do it. if a bank has spoken to you
about it, we would be happy to get back to them if they are prepared for you to say. >> there are multiple banks will talk to me about it. i just want to say thank you very much. mights been a lot, if i editorialize, there's been a lot of concern about what has happened in the past couple of weeks and i don't serve on the intel community -- committee. think tell you that i it's positive for this country to be having the discussion that we're having. there may be some negatives involved, but i think it's positive to have the discussion so that we are thinking about civil liberties, thinking about freedom as it regards to our national security. you have a tough job, but we will get through this and hopefully we will secure both our security and freedom when it's done. thank you very much. >> madam chairman, thank you
very much for having this meeting. >> i was going to refer to cow excrement. >> then we are lucky. at me start by saying that thinker nations most important cyber security research is the cyber workforce. the right people using it and even the most sophisticated technology is even only of limited use and that is why i think it's important that we successfully identify, recruit, and train for the foundation of any of our national cyber security plan. dhs is really important tools in my state and we host a number of the centers of excellence. we have the information assurance centers and we have the information of assurance research centers in seattle and
the two year education center. together, those programs really offer cyber security education and training at the two year, undergraduate, masters, and phd level. if you could comment on how you think these centers of excellence play in to the cyber hiring pipelines and workforce development, i would love to hear your comments on that. >> we absolutely are dependent upon that form of education as a way to get qualified individuals into our workforce. at dhs, we have an outreach program to community colleges but also the centers of excellence as well as universities. the only comments i would make is that we do not have enough people around the country training to do all the jobs that we in government and the private sector need to have done and i think that's really one of
the educational frontiers for this country, create that kind of a workforce for all of us. that is certainly something that we support very much. >> thank you for the question. that is a huge program that we work on with over 100 40 different schools collectively between dhs, nsa. the curriculum we set up with the schools, it's not just you get a thing and do it, but you set up a curriculum to help ensure the students going through that will have the background we need in information assurance and the knowledge of cyber security. there are double activations you can get done. these are difficult to get into. it is not something we just grant. some of the schools bring it forward do not meet the qualifications and do not get
the creation. -- accredation. tos great for our country build that workforce. >> i agree. i know a coherent strategy really requires cooperation. you have tough collaboration between government, industry, and academia. as we saw with the information economy and the internet, clustering these in the appropriate government agencies together offers some really great benefits. within the cyber security industry, the puget sound in my state, it has emerged as a leading cyber cluster, if you will. unique and nationally recognized in what they have to offer really creating a great environment for cybersecurity to flourish. they have some really great stakeholders. they have the center for cybersecurity assurance and we have great influential
technology and defense companies, microsoft, amazon, boeing and we have two military installations. i've really seen personally how those relationships have benefited the region. secretary gallagher, i would love if you could talk about the importance of the so-called cyber clusters like we have in my state and the steps they're taking to really promote those. >> the notion of a cluster as a way of creating this amplification effect is broader even than cybersecurity. get tends to happen is you a critical mass where you have enough expertise that it creates a pole and the talent base really starts to create wind. you attract the right kind of
companies on the government agencies, academic programs. i think it has to be a key part of the cybersecurity education effort as well because in the end, you are talking about workforce development. you're going to have to bring together why public-private partnerships are going to be such a key element. senator mikulski provided a program through the national science security center of excellence which leverages maryland and virginia, who have also been looking to bring in companies to work collaboratively on cybersecurity to create this tipping in effect that you so eloquently described that are parts of clusters. >> i'm a great proponent of that. i'm out of time, but i did want to submit a question about the national guard. we are going to make sure that we are coordinating with them because they will be our boots
on the ground and i'm hoping we are doing the right thing there. on that, i would just like to submit that question. >> thank you, senator. we hope that the subcommittees will be having follow-ups that will go even deeper into this in terms of the clusters. we have the national security headquartered there. we have the national institutes of standards headquartered there. we hope to have the fbi quartered there. >> but thank you very much. senator shelby, did you want to say something? >> just one last observation. i want to thank the panel, all of you, for your service to the country and the way you have conducted yourself before you got here today and what you have done here today.
thatnk it has to be said we work together. thank you. >> well said, senator shelby. if there are no further questions, senators may submit additional questions for the committee's official record and we request the witnesses respond within 30 days. inpreviously announced and part of our practice for security issues, we will now move to a closed briefing. before we do, i would like to make some general closing comments. i really do want to thank the witnesses for participating. it was a good hearing. tople do have the right know. people have the right to say their voices which is why we responded. i think the big national debate that started after 9/11 is the inherent tension between security and privacy. it is now time for a fresh national debate.
the second thing is that many us are concerned about the access to people and businesses information? snowdonof the revelation, what about governments access to that information? whether it is through the nsa, the irs, whatever before asking, what is the government doing? the purpose of this hearing is who is rating the information that we have? maybe the are concerned about what the nsa is doing, but i'm concerned about the people every single day who are trying to get access to someone's social security number, their medicare number, their checking account number, their smartphone information so that
they can either still from them -- steal from them or have other kinds of access. i'm worried about that. i'm concerned every day about the number of people out there that are coming up with new ideas and new products to create new jobs for the 21st century. the are being stolen in greatest cyber espionage highest. you can steal it from the fda or the patent office. i'm worried about that. then i worry about things like access to those who are trying to raid the grid. tonight, there's a gathering storm. we fear another dorecho may be hitting and we know when the grid is shut down, it's a terrible consequence in terms of our society.
i don't ever want to have a grid shutdown in the greater capital region or anywhere in the united states. for the purpose of this hearing, it was to go after those who have predatory intent, predatory premeditated intent against either an individual, business, or critical infrastructure. those who are also concerned about if government is now passing beyond a red line on civil liberties. i think we ought to have that debate. we have to have that discussion. it could be the subject of another hearing here. there will be the feinstein hearing, the judiciary meeting. you know what? this is america. people have a right to know. they have a right to have their public officials explain. i think it's been a great hearing. this committee will now stand in recess after the closed briefing on till the morning of
thursday, june 20, where we will vote on spending allocations and importantof the very legislation of veterans affairs and agricultural appropriations. this committee now stands in recess. [captions copyright national cable satellite corp. 2013] [captioning performed by national captioning institute] about studentk loan interest rates that are set to double july 1. unless congress agrees to adjust the rates. congressman klein's bill which ties rates to the 10-year treasury note passed the house on may 23. newsmakers" sunday on c- span. three days before the battle, sunday morning, he is walking
up, and he gets up to the headquarters to assume command and poker, is such a poor leader, he has not even gathered one single detailed map of southern pennsylvania. meade takes command, and he does not have a map. thehe 150 anniversary of battle of gettysburg. sunday, june 30 on american history tv. robert mullerr testifies on counter-terrorism and the national security agency data collection program. this was director mahler paused last oversight hearing before the committee. when his term ends in august, he will be the second longest serving fbi director after j. edgar hoover.
federal bureau of investigations. i will recognize myself and the ranking member for opening statements. this hearing on oversight of the federal bureau of investigation will come to order. we welcome director muller to your final appearance before the house judiciary committee as applied rector, and we are happy to have you here today. before we begin, let me take a moment to congratulate you on your successful tenure under the fbi, you undertook difficult circumstances, and you were confirmed one week before september 11, 2001 and the attacks on new york city and washington, d.c. during her 12 years as director you have led the transformation of the fbi to and law enforcement agency into a complex intelligence-driven national security organization whose primary missions include the most security threats facing our nation today. you have done the american
people a great service and for that you have my sincere gratitude. we now know that last week's unauthorized disclosure of certain and as a intelligence programs was committed by a 29- year-old former defense contractor. i know there is little you will be able to say about these programs in a public hearing but i and other members of the committee believe it is important for you to explain to the extent you are able why you believe these programs are a necessary part of america's counterterrorism operation. i also believe the reports run in the nsa programs illustrate this administration's ongoing problems of national security leaks. the obama administration takes credit for having investigated more national security leaks than any other prison ministration. while this may be true, i am not certain if it is due to an more investigative approach to security leaks or the simple fact that there have been
a shockingly high number of leaks in the last four years. these illustrate the balancing act between the need to protect national security information and investigate leaks, and the need to preserve first amendment right to freedom of press. regardless of how some members of congress may feel about the recently revealed as a programs, the fact remains the terrorist threat to the united states is ongoing. we were reminded of this two months ago with the boston marathon, traditionally a day of celebration, the target of a terrorist attack. dzhokhar tsarnaev and his brother set up 20 explosions that killed three people and injured more than 250. this attack was a great reminder, as you warn this committee in 2010, at domestic and worn -- lone wolf extremists are now just a series a threat to international organizations like al qaeda. i want to commend the fbi and its state and local partners, all of whom worked tirelessly to
find benefit the bombers and apprehend dzhokhar. attack, federal agencies, including the fbi, received information about tamerlan. concerned inadequate coordination may have prevented robust information sharing in this case. it is imperative the administration and congress examine the matter closely to identify areas in which intelligence information sharing can be improved. on the subject of counterterrorism, i also look forward to hearing about the fbi efforts to investigate the attacks on the american consulate in benghazi, libya. following the attacks, the obama administration called them a spontaneous response to a video critical of islam. as we all now know, the attacks were in fact preplanned acts of terror. i am intenselycoordination may d robust information sharing in this case. it is imperative the administration and congress examine the matter closely to identify areas in concerned the administration's handling of the attacks as an for the fbi's ability to conduct a thorough
investigation. as former deputy of chief mission gregory hicks testify, it ministrations mischaracterization of the attack so angered the libyan government that they prevented the fbi evidence response team from traveling from benghazi for two weeks. finally, i am interested in hearing about how the bureau intends to tighten its belt in a responsible manner during this time of fiscal uncertainty. along with crime subcommittee chairman brenner, i asked several questions about the fbi's budget and spending priorities, including the policy to provide extensive benefits including paying for all laundry and threw for the highly paid professionals brought to work in fbi headquarters for 18- month stints. i appreciated receiving your response last week but i believe this is an area where the fbi and other law enforcement agencies are not making the best use of taxpayer dollars. i hope to hear what the bureau
intends to do with this issue. i look forward to your answers today as well as on several other issues to the fbi into the country. it is now my pleasure to recognize for his opening statement the ranking member of the full committee, mr. conyers. >> thank you, chairman could lead. i join in welcoming the director of the federal bureau of investigation's. -- at a timeay when the nation stands at a legal and political crossroads, we are confronted with a ,eemingly endless war that increasingly, must be fought in the digital age. i say this not only because of the recent disclosures and the nsahe fbi
surveillance programs, but because of a range of actions that have occurred since the attacks of september 11, 2001. it is not a partisan concern and it is one that applies both to the present administration and to the last one as well. concernt a toticularly limited surveillance programs. it extends through our increasing reliance on drones to conduct foreign policy and the government's use of the so- called state secrets doctrine to avoid legal accountability. yes, in those -- in no small part because of the actions of an essay and the federal bureau it is my fearion's,
we are on the verge of becoming a surveillance state, collecting billions of electronic records on all law-abiding americans .very single day the recent disclosure confirmed by the administration that section 215 of the usa patriot in as being used to gauge nationwide dragnet of telecommunications records. i have, along with many of my colleagues both democrats and republicans alike, long expressed concern that section 215 fails to impose a meaningful limits on the government's ability to collect this type of
information. if ever a call is relevant, then the relevant standard we enacted into law has little practical meaning. point is the total secrecy in which surveillance operates under the patriot act and fisa. this secrecy and denies congress the opportunity to conduct meaningful oversight and prevents the public from holding its government accountable for its actions. difficult ands a sensitive issue to resolve, but that is our job. a free society can only be free its informed- asks
citizens, it is critical the public knows how it got into government, treats the content of its e-mail and telephone calls, even when it collects them by mistake. some members of the congress have chosen to receive classified briefings about these programs. i among them. these briefings, though, often prohibit attendees from taking even notes or to even discuss such information with anyone else. and with all due respect to my friends in the administration, the mere fact that some members may have been briefed in a classified setting does not indicate our approval or support of these programs. indeed, many of us voted
against the reauthorization of the patriot act and the fisa amendments act, precisely because of what we learned in those classified sections. i agree with president obama about the need to find a way to have a responsible conversation about these issues and how we can ingate all americans in this debate to a maximum extent possible. but at a time when no major decision of the fisa court has and when thefied, administration continues to rely on the state secret doctrine to avoid accountability in the that we arest say a more publicve
limited,nal, even if conversation. the only way to ensure this critical debate will actually occur is for this committee to achieve an appropriate balance between the need for secrecy and the need for informed debate. one way to tell that that balance has been tilted too far in favor of national security is when individuals in public service have legitimate grievances with our government but feel they have no recourse but to leak classified information to the press. i do not condone these leaks. i believe that we failed to address the concerns at the heart of these controversial programs, that there will be
more leaks. as one whor moeller, supported the extension of your and whoserector, integrity i have always held in , we come in the end, are a nation of laws and not men. respect, with all due my considered judgment is that the federal bureau of investigation actions are inconsistent with the requirements of the patriot act and violate the fundamental ,rivacy of law-abiding citizens and so i can assure i started. particular,, and in this committee, stands at a
crossroads. seems a new part of the medieval architecture put in place to fight this war on terror is exposed. the prison at guantanamo bay is unsustainable. held there, 86 are already cleared for transfer. more than 100 are engaged in a third month of a hunger strike. nearly 2000 personnel are needed to keep the prison functioning. thanks in no small part to the efforts of the chairman, we have begun to explore the legal underpinnings of the administration's grown programs. there is a growing bipartisan unease with the notion that the executive branch can kill a
united states citizen on its own "termination that he poses a imminent threat." and with respect to the 215 collections exposed only last the, it seems clear, government's activity exceeds the authority does congress has invided both in letter and spirit. with every new disclosure another piece of the legal architecture put in place after september 11 crumbles, and so it is my hope that over the coming members of this judiciary committee can come together and conduct meaningful oversight of these programs.
where needed, we should pass credible and legislative -- credible legislation, just as we did on a unanimous basis after september 11. tomorrow morning, my colleague and i will introduce a bill that impenetrability of surveillance programs. it is not the only proposal to address these problems. it should not be the only response to the broader questions we face, but it is a myest start, and i hope that colleagues will join me. this is a time for members of both sides of the aisle to come together and help restore our nation to its proper role as a beacon for civil liberties around the world. i thank the chairman for
indulging me additional time to make a statement. >> without objection to other members opening statements will be part of the record. we think director muller for joining us today. director, if you would please rise, i will begin by swearing you in. swear the testimony you are about to give shall be the truth, the whole truth, and nothing but the truth, so help you god? the directorate -- record reflect that director miller responded in the affirmative. i would not introduce him. our only witness today is the federal bureau of investigation director robert muller. he was first nominated by president george to the bush. in 2011 he was asked by president obama to remain as fbi director for an additional two- year term, and that was swiftly approved by the congress.
the director has a long and honorable record of what the service. after graduating from princeton and receiving a master's degree from new york university, director moeller and listed as a marine answered in combat in vietnam. he received a bronze star, two navy commendation medals, the purple heart, and the vietnamese cross of gallantry. after his military service, he earned his law degree at the university of virginia. early in his vehicle career, he served as a prosecutor in the united states attorney's offices in san francisco and boston. after working as a partner in the boston law firm, he returned to the justice department in 1989 as an assistant to attorney general thornburgh and later as head of the criminal division in 1998, director mueller was named united states attorney in san francisco, a position he held until 2001 when nominee to be director of the fbi. director mueller, as your tenure
is set to expire this year, we welcome you here for one last look and for your statement. please proceed. >> [inaudible] morning, chairman, ranking members, members of the subcommittee. thank you for the opportunity to appear today and appear on behalf of the men and women of the fbi. and on their behalf, let me thank you for your support of the bureau over these 11 years that i have been there. of diverse andme persistent threats from terrorists, spies, and cyber criminals. at the same time, we face a wide range of threats from white collar crime to child predators. just as our national security and criminal threats constantly evolve, so, too, must the fbi counter these threats even in a time of constrained budgets. today i want to highlight several of the fbi's highest
priority and criminal threats. as illustrated by the recent attacks in boston, the terrorist threat against the united states remains our top priority. as exhibited over the past year, we face a continuing threat from homegrown by the extremists. these individuals present unique challenges because they do not share the typical profile. their experiences and those are often distinct, which makes them difficult to identify and difficult to stop. at the same time, foreign terrorists still seek to strike as at home and abroad. terrorists today operate in more places and operate against a wider array of targets than they did a decade ago. and we have seen an increase of cooperation among groups and in the village and in their tactics and communications. al qaeda is weaker and were decentralized but it remains committed to attacks against the
west. al qaeda affiliate's answer rickets, in particular al qaeda in the arabian peninsula, pose a persistent threat. in light of recent attacks in north africa, we must focus on emerging extremist groups capable of carrying out attacks from that region. let me turn for a moment to discuss the cyber threat, which has evolved significantly over the past decade and cuts across all fbi programs. cyber criminals have become increasingly adept at exploiting witnesses in our computer networks, once inside they can infiltrate trade secrets. we also based persistent threats on hackers for profit, organized criminals, syndicates, and hiking groups. as a said in the past, i believe the cyber threat may well eclipse the terrorist threat in years to come. in response, we are strengthening our cyber capabilities in the same way we
enhanced our intelligence and national security capabilities in the wake of the september 11 attacks. our cyber division is focused on computer intrusions and that attacks. fbi special agents work fiat -- side-by-side with state and local counterparts on task forces and our 56 field offices. we have increased the size of our national investigative task force which brings together 19 law enforcement, military, and intelligence agencies to stop kurt attacks and prevent future attacks. cyber crime requires a global approach. to the fbi's attaché offices, we are sharing information in court knitting investigation with our international counterparts. at the same time we recognized the private-sector is the essential partner to protect our critical infrastructure and to share threat information. we have established several noteworthy not reach programs but we must do more, we need to
shift to a model of true collaboration and built structure partnerships within the government as well as in the private sector. turning finally to the fbi's criminal programs, the fbi's responsibility ranges from complex white-collar fraud to transnational criminal enterprises, from violent crime to public corruption. given limited resources, we must focus on those areas where we bring something unique to the table. for example, violent crime and gang activity continue to exact a high toll in our communities, and threw safe streets and safe trails task force, we again by the most dangerous of these criminal enterprises. at the same time the fbi remain vigilant in its efforts to stop child predators. our mission is threefold, 1st to decrease the vulnerability of children to exploitation, second, to provide a rapid response on crimes against children, and to increase the
ability of law enforcement. turn to discuss the recent public disclosure of highly classified national security programs. the highest priority of the intelligence community is to understand and combat threats to our national security, but we do so in full compliance with the law. we recognize that the american public expects the fbi and our intelligence community partners to protect privacy interests, our as we must conduct national security missions. the fisa court has approved both programs, and these programs have been conducted consistent with the constitution and the loss of the united states. the programs have been carried out with extensive oversight from courts, independent inspectors general, and, chris.
these programs remained satisfied today, so there are significant limits on what we can discuss this morning in open session. but i do that there have been classified briefings on these programs for this committee and for the house at large. i hope that you have been able to attend, and if not, will be able to attend such a briefing from the intelligence community regarding the structure and legality of these programs. as to the individual who has admitted to making these disclosures, he is the subject of an ongoing criminal investigation. these disclosures have caused significant harm to our nation and to our safety. we are taking all necessary steps to hold the person responsible for these disclosures. as this matter is actively under investigation, we cannot comment publicly on the details of the investigation. in closing, i would like to turn
to sequestration. the impact of sequestration on the fbi's ability to protect the nation from terrorism and crime will be significant. in 2013, the fbi's budget was cut by more than $550 million due to sequestration, and in 2014, proposed cuts will total more than $700 million. the ongoing hiring freeze will result in a 22 hundred vacancies the fbi by the end of this fiscal year, with 1300 additional vacancies in 2014. i've long said that our people is the bureau's greatest asset. additional operational cuts will impact the fbi's ability to prevent crime and terrorism, which will impact the safety and security of our nation. we do understand the need for budget reduction, but we would like to work with the committee to mitigate the most significant impacts of those cuts. , members ofdlatte
the committee, i want to thank you again for your support of the fbi, and for its mission. our transmission over the past decade not have been possible without your cooperation, and i look forward to any questions you may have. thank you. >> thank you, director mueller. before we begin the questions portion, i want to remind members of the committee that although certain classified information was leaked last week, that is not mean that they have been declassified. members who may choose to question the director about these programs should exercise caution in how they phrase their questions in a due regard for their classification. and appreciate the director's limited ability to speak to the program in an unclassified setting. we will now receipt under the five-minute rule, no recognize myself or five minutes. mr. director, the recent revelation of the nsa data collection program has led to a great deal of debate both in congress and in the public. i know there is very little you may be able to say in a public setting, but to the extent you can, please ask the best latex
clad explain to this committee what you think these programs are important and how they protect the american people. do you shared the concerns of congress that civil liberties need to be protected? >> let me start by saying that the challenge in a position such as i have held for the last 11 on the one balance hand the security of the nation, and on the other hand, the civil liberties that we enjoy in this country. there is not a day that goes by that we don't look at some issue that raises that balance. insistthe things we do upon and usher if any -- and endeavor weat any take is legal. in this particular case, programs to which you refer, the legality is ushered by the
department of justice. the fisa court has ruled on these two programs, monitors these two programs, and again, i takenssured the legality in these two programs. lastly, i will say in response -- set innking member terms of a debate, congress has been briefed, have been briefed over the years, was briefed prior to the 2009 re-up, in an effort by the administration to make certain that congress knew and understand the efforts that were being undertaken under section 215. if there were a change to be nede by converse, if the ligh is to be drawn dizzily, so be it. we would follow that to the letter the law. but i repeat in both of these programs passed by congress, they have been approved and the legality approved, and has been briefed --
>> let me interrupt you because we do need to get more questions in. i think you have made your point on that. i'm sure further discussion about it before the day ensues. as you know, the committee is investigating the use of the privacy protection act of 1982 obtain a search for fox news correspondent e-mails. and your spirits, as assistance to attorney general thornburgh, and is fbi director, when you authorized a search warrant for a target of a criminal investigation, wasn't prosecution of that target the objectiove? i would say no. s,ite often in search warrant' or affidavits in support of search warrants, there are occasions where a person may be
mentioned as having culpability, but there will be no discussion or anticipation of prosecution. back before a variety of reasons. >> to that point, in the case in particular, we've got mr. rosen, and perhaps cases, where you did not intend to prosecute, did you characterized the individual as a flight risk, as was on in the matter with mr. rosen? and did you delay the search warrant for 18 months as indicates with mr. rosen? the judge elected to release the information until 18 months after his order had required that it be done, but the justice department requested 18 months in the first place. >why would that be necessary if there were no intention to prosecute? >> i'm not familiar with the full incentive that investigation -- full extent of that investigation or the discussion as to how one would
proceed to get the data. i can say two things -- one, there was greatness grew to any given at the -- great scrutiny given at the global level what needed to go to that search warrant, and that data in particular would reference to the additional requirement for getting those particular records. secondly, there is a protocol in the department of justice that was adhered to in getting approval for that particular action. that thed you know department of justice is now looking at this set of circumstances -- >> let me interrupt you again, get one more question in. to the extent that there are tweaks that need to be done, we are happy to abide by those tweaks. >> following the apprehension , someokar tsarnaev criticized the timing of the criminal complaint against him and his initial appearance. we know these timings of these acts set forth by the constitution and the rules of remote procedure.
do you believe these criminal roles are well-suited to intelligence gathering from a domestic terrorism suspect, and should the congress consider amending these rules when we're faced with a domestic domestic terrorism situation, whereas in this case, the questioning of this individual by the fbi prior to his miranda warnings short-circuited your opportunity to question him about imminent dangers like other potential suspected co-conspirators and -- andthat may have bee other bombs that may have been in existence? >> any interrogator would tell you, the longer you have, the more information you get. particularly in this day and age were if you have access to information on computers, thunderous, what have you, you will have a much better opportunity to get appropriate
questioning upon -- questioning accomplish it on the other hand, you have the statutes. in a very narrow sliver of cases where it is terrorism in the thread of substantial, i would say one would look that opportunities for giving those questioners additional time to extract information that may protect the public. >> thank you, my time expired. the gentleman from ohio is recognized for five minutes. >> thank you. we appreciate you being here before. in the past week, many in the administration have implied that because they have briefed the congress and this committee that we are all complicit in the use of these surveillance tactics. can you ignore knowledge here this morning that your briefing
me and my staff does not constitute our assent or agreement to these programs? that have been, continue to be, provided to congress is to inform congress of how these programs are being end they arehat being used, and in order to establish a dialogue as to what, if any, changes need to be done to these programs, but also it furthers the congress role as an oversight body. and consequently, i do not think we look at the briefings as a form of agreement in any way, shape, or form. but look at the briefings as our obligation to inform congress as to what is happening so if congress wishes to take steps to change it, a particular statute and the
applicability of the statue, that congress takes the steps to do that. >> the public's understanding of this program is that the government collects these records. let's take the verizon system. they collect the records of every person in the united fores and retains them some period of time, and then queries a massive database when it has a specific concern about one of us, any one of us. is that understanding accurate? >> within broad parameters, yes. let me make two points come if i can. the first -- the particular no contents
whatsoever. we have no authority to get content. , the we believe and the fisa has allowed, is the adulation of metadata, the fact of a telephone call, the numbers called, and the time and length of those calls. there are cases where that has been instrumental in identifying individuals who sought to harm our recon trip. >> i know that. the content is not kept, but to have that information of who ,alled whom, the length of time probably where the parties were -- do we need, does that serve any real purpose? this puts that -- everybody in the united states to this kindbject
of content. , at leastfeeling some of us, that it is not acessary, nor does it serve , protectivelegal service. >> would you indulge me? i want to go back to what occurred in 9/11. which has some bearing on this. before 9/11, there was an came to be one of the rentable hijackers. he is being tracked by the intelligence agencies in the far east. they lost track of him. at the same time, the authorities indicated a safe house in yemen. that safe of putting it -- had
a telephone number, but they do not know who was calling into that particular safe house. we came to find out afterwards that the person who had called into that safe house was al- midhar, who was in the united states in san diego. if we had this program in place at that time, we would have been able to identify that -- >> i'm almost out of time. >> i understand, but it is a critical point as to why we have this program and how important it is. if we had the telephone number from yemen, we would've much of that to that telephone number in san diego, that further legal process, identified al-midhar. one last point -- the 9/11 commission itself indicated that investigations or interrogations -midhar, once identified, the simple fact of their
dissension could have derailed the case, the opportunity was not there. if we had enacted this program, that opportunity would have been there. >> mr. chairman, let me just finish. i am not persuaded that that makes it ok to collect every call. look, the verizon system -- how can the government collect information on all of the verizon system if the statute limits the government to those records that are relevant? if they are relevant, relevant under your interpretation means that anything and everything goes. and that is what you did in the example that you just gave me. >> limits a, the gentleman for time has expired. we are going to be close to the
five-minute role. it is a question, we will have to wait for the answer, we will submit questions in writing to the them.or and ask >> thank you vermont, mr. chairman. . to begin, director mueller, let me commend you for your years of dedicated service. it has had to change its targeting and mission as a result of 9/11. you and i got our jobs as leaders, we estimate, about the same time. you are about ready to retire, i was retired as chairman and 2007, but i am not ready to retire from congress or asking questions, so i will begin. let me start out with two quotes from then senator barack obama "resident bush has put forward a false choice between
the liberties we cherish and the security we provide. i will provide our intelligence and law-enforcement agencies with the tools they need to track and take out the terrorists without undermining our constitution and our freedom." the second quote, which comes from the same speech in , "hington of august 1, 2007 the budget administration act like violating civil liberties as a way to enhance our securities -- it is not. there are no shortcuts to ."otecting america to g director mueller, you've third under president bush -- you have served under president bush and now under president obama. what was different under present obama, and windows and placed when the fbi applied for the fisa application that was leads to the "guardian"? ,> we have a privacy officer the department of justice has a privacy officer. i do not know differently, but
in rogue resident is in other areas where we initiate collective information that go through our privacy shops. >> that is not my question. with all due risk backed -- respect, whether new privacy protections implemented by the new president, barack obama, 2009 when he 20 quantu, took office? the am not certain of timing of additional, whatever additional privacy protections were instituted, if there were. ok, so there might not have been. -- >> ok, so there might not have been. i am very interested in your mihdhar about the al- case, it was the one who got on the radar before the patriot act. section 215 of the patriot act, which i had a hand drafting, requires that the business warrants ora
orders, be directed solely at foreigners who are the targets of unauthorized terrorism investigation. and not on united states citizens and lest they are contacted or involved with foreigners. i do not think that section 215 would have put a crimp on identifying almodovar -- al- mihdhar if that was in place before september 11, but my question with respect to the fisa orderly to the "guardian," as i have described it am a how can section 215 b utilized to scoop up the phone records of american citizens who are not intermediation with a foreigner who is in object of an authorized terrorism
investigation? , i havecertain extent to defer to the justice department on legal theory. with the fisa court, i can say there is the belief that the body of telephone data have information that is relevant, maybe relevant, and in the future have been relevant, in the past, and its collection thereby satisfies the requirement for relevance. isthe question of relevance the same type of question with a subpoena or national security lever -- letter without involving the patriot act. the patriotolve act and something that is done in secret, and there are no due process protections in place the fisa recipient of warrants cannot tell what
records you turned over. that is the case with national security letters or grand jury subpoenas. i guess what my concern is is that there really is not anyway for anybody whose records are turned over to to approach the fisa court or any other court because they don't know about it to try to get the order cross. if an fbi agent was the one assigned the affidavits to get that order. my time is up. >> if i may just follow-up with one observation, that is, as we all know, these records are not covered by the fourth amendment. the supreme court has held that to be the case. secondly, the determination as to the legality and that standard has been addressed by the five the court -- the fisa court in the affirmative. thehe chair recognizes tillman from new york, mr. nadler, for five minutes. >> thank you.
let me suggest that the 1979 decision of the supreme court, that a phone bill is not protected by the fourth to ament might not apply lot of the stuff today given how pervasive and privacy- invading this metadata has become. compared to what could be done in 1979. so i don't know that i would totally rely on that resident to do everything -- that precedent. i wouldction 215, and also like to associate myself with remarks that a dragnet subpoena for every telephone record, every e-mail record, even not know they don't do that anymore, but they could again tomorrow -- and they did do it -- certainly makes a mockery of the relevance of the standard in section 215. some of us offered amendments to narrow that several years
ago, and in retrospect, maybe we should have adopted those members -- those amendment, but that is no excuse for a misinterpretation of relevance to the point that there is no such meaning to the word. , ifndly, under section 215 you have gotten information from metadata, and you, as a result of that, think that gee, this ,hone number, 873-whatever look suspicious and we ought to get the content of that phone, do you need a new specific warrant? >> unido lycée national security letter. a national at least security letter. you need the subscriber information. you have to get a national security letter to get that subscriber information. >> and if you wanted to do more, you want to listen to the phone -- >> you would have to get a particular rise to order from the fisa court directed that
particular phone and that particular individual. >> is the answer you just gave me classified? >> is what? >> if the answer you just gave me classified in any way? >> i do not think so. >> than i can say the following -- we are precisely -- we heard precisely the opposite at the briefing the other day. we heard precisely that you could get specific information simplyat telephone based on an analyst deciding that, and you do not need a new warrant. in other words, what you just said is incorrect. answeredt certain i the same question. >> i asked the question both times, and i think it is the same question. backybe you had better go and check because someone was incorrect. >> i will do that. that is my understanding of the process. >> ok, i do not question your understanding. it was always my understanding. and i was startled the other day. i wanted to take this
opportunity -- >> i will happily clarify. >> thank you. the second -- we've heard from director clapper of the terrible damage done to national security by snowden by releasing this information. i would like you to comment -- i do not understand how national security was breached. we knew publicly from 2006, at least, from the report in the "usa today," may 11, 2006, about the existence of a massive nsa database of metadata from domestic phone calls. that was reported back then. we debated it in this committee and on the floor of the house in connection with the reauthorization, i believe, in 2012 and008 -- in 2008, at least several times. the only thing i was not known as far as i can tell that was revealed was the specifics of that court order.
which tell us nothing other .han what was already public even the stuff about section 702 -- we debated that at length. so that was pretty known. the only thing that may not have been known as the exact technical capabilities, but my assumption, and tell me why you think this is not correct, is that any terrorist or would-be terrorists with half a brain in his head would assume that all electronic medications are are vulnerable-- and may be subject to interception. change what's his name that's assumption? >> any terrorist that has a brain would figure it out -- the fact of the matter is, they are terrorists, and they are terrorists. i can speak generally, but i cannot go into the detail, but i
can tell you every time that we have a leak like this, if you follow it up and you look at the intelligence afterwards, there are persons who follow this very, very closely, and they're looking for ways around it. one of the great former abilities the terrorists understand their communications, and and they are consistently looking for ways to have secure communications. any information that comes out in terms of our capabilities and our programs, they are immediately finding ways around it. that we are going to -- lose our we have ability to get their vacation, we will be exceptionally honorable. i asked you to get the more classified briefing as to more specific, but let nobody be misled in this -- this herz national security. the issue is -- how do you
balance that against privacy ye? you may come down differently than others, then the five the court, then me perhaps, but all i can say is there is a cost to be paid. >> the gentleman's time is expired. >> mr. chairman, thank you for your years of service. i want to revisit benghazi, mr. director. from the recent weeks ago, the former secretary of state, hillary clinton, appeared before the hearing, and she was asked about certain facts that surrounded the libyan tragedy. and she responded -- what difference does it make? i take umbrage with that response, which i felt was insensitive and condescendeing. it may make a great deal of difference. having said that, we have all tripoli ert waited in for more than two weeks for
access to benghazi. someone said that this was due entanglements. do you agree with that? >> i do not. we monitored the situation very closely. after that occurrence. we had persons ready to go, quite obviously, we were in touch to immediately with the state department. there were a number of factors that made is as unique a situation overseas as we have seen. this is not the first bombing with that of our embassies. in this case, there were a combination of factors with a delay. in benghazi, there is no law enforcement. was not then, is not now. there is nobody that you can deal with in terms of assuring your security. >> let me ask -- >> secondly -- >> go ahead. >> the libyan government is
dependent on getting visas from the libyan government. the libyan government then and today it still unfavorable and at this -- unstable and it is difficult to get decisions in that arena. but i would say the bottom line is to assure the security of our people when we went in. when we could assure the security of our persons, we didn't go in and do our on-site review. >> did you speak to anyone any libyan government about the delay? >> we were talking through our ambassador, i think it was the ambassador there at the time, i know the state department was pushing hard, we were pushing hard. but he too concerns -- the safety and the reluctance of the government to move quickly on this -- inhibited our ability to do what we wanted to do. >> mr. mueller, as a former prosecutor, you are familiar with the importance of preserving a crime scene in order to ensure that you can collect the maximum amount of evidence. having said that, once the ert
arrived in benghazi, how quickly were they able to secure that scene, and begin collecting evidence? >> the ert team went in with a military component with support from air asset and others. i think we did it within a 24- hour period. >> would be fair to say the two- week delay in the fbi's ability to secure the scene of the attacks led to the corruption of the scene? i am not certain i was a corruption of the scene. i would say you always wanted it to be seen as soon after the occurrence. it hadly we have seen been entered by a number of people, and it was not as pristine as we would like, absolutely. >> would also be fair to say that the corrupted scene left evidence collection since we could not establish the chain of custody, that is to say evidence at the scene when you all began
as with two weeks prior? >> i would say yes. the delay adversely impacted the ability to gather evidence in a variety of ways. thersely impacted investigation. >> has this put a damper on our ability to pursue leads? and/or suspects? >> you don't know what you don't know, what you may have missed. the investigation is ongoing. we have had some success, but i cannot get into it today. it is a very difficult operating environment, not just at the scenes itself, but obtaining the cooperation of witnesses and others who may have information relating to -- >> my time is about out. mr. mueller, this ungodly tragedy still -- this benghazi tragedy still hangs in my crawl.
i'm not directly at you, but i'm directing it at somebody. we still do not know all the facts. i do not suggested as they cover up, but it has the trappings of a cover-up here in -- of a cover-up. we will see what happens. thank you for being with us. the gentleman from virginia, mr. scott, for five minutes. ,> thank you, mr. chairman and mr. moeller for your distinctive service. as you know, people acquiring gun loophole the -- gun show loopholes and other exceptions come easily attain a gun without a back rentech, what difference would a universal backward check make? >> at the outset, it would mean fewer persons would have the characteristics would be in positions of guns. -- in possession of guns.
>> on the issue of these telephone records, you have indicated how the acquisition of all telephone records helps to protect us from terrorism. that this data can be used for things other than terrorism? >> no. forou can't use it criminal investigation -- >> no. >> you can use it if the purpose 104 wiretap is a significant purpose, to terrorism, significant purpose, there may be other purpose -- >> i'm sorry, i missed the question. to obtainection 104, foreign intelligence information, significant purpose in a change of the law from the purpose that suggested it is the primary purpose. if it is just a significant purpose, that would leave open the idea that there is another purpose for getting information.
when i asked attorney general gonzales that question and what other purpose you could be using these warrants for, he blurted out -- criminal investigation. of course, without the normal probable cause and everything else. is the acquisition of this information, this may get data -- this metadata, solely for protection against terrorism, or kennedy was for something else? -- or can it be used for something else? >> terrorists. >> a future but over some other things, like you noticed a crime, could you use it in a criminal prosecution? >> no. not that i'm aware of. the restrictions are the you cannot. there may be a way to either go to the court if there was an egregious crime, but the court would have to authorize it. >> the exclusionary rule works because you do not illegally obtained evidence because if you got it you cannot use it. there is a suspicion that some of us have that you are getting this information and you can use it if you have one of these task forces, and one of these
guys can get a five that warrants, yousa in ahave one of the guys, an foreign government, listen in and see if we can't trip over a crime, you are saying you cannot use it for anything other than terrorism. >> if you're talking about 215, it is very simple. >> significant purpose. not primary purpose. -- i wouldertain on have to go back -- primarychange it from to significant purpose, which , whichened up the idea just opened up the idea that you could have some ulterior motive. >> on a particular language and language change, if you would allow me to get back to you, i would like to give some thought
to that. >> so this information that we are getting can only be used for terrorism. that what we are hearing. >> yes. the irs situation, there is some question as to whether some progressive groups were also targeted for scrutiny under 501(c)4 abuse. if they can be shown that only groups targeted were targeted because of political views, without filing criminal law? --that is a speculative excuse me, just one second, if i could. i just wanted to check whether i was right, i wanted to check my answers on my previous, on your previous questions. thank you. >> ok. on the boston bombing, obviously there was information out there
that you could have used. do your limited resources limit your ability to track down each and every lead that you are given and compromise your ability to protect us against terrorism? >> we get thousands upon thousands of terrorism leads each year. the boston office is up in that ofge of, those number thousand a year, and this particular case, i do believe that when we got the lead on tamerlan from the russians that the agent did an excellent job in investigating, utilizing the tools that are available to him in that kind of investigation, as i think you are aware, he did all the records check, went out to the interview persons at the college where tamerlan was therefore a period of time, alternately interview the
parents, interviewed the, tamerlan himself, sent the information back to russia, and on three separate occasions we asked russia for more information that might give us indications or evidence that he was a terrorist. i think we did a thorough job in following that lead. at that point in time, i do not know that there was much else that could have been done within the statutes, within the constitution. to further investigate him. >> thank you, mr. chairman. thehe chair recognizes gentleman from ohio 45 minutes. >> thank you, mr. chairman. mr. director, as mr. sensenbrenner did come i want to thank you for your service to our country. i want to disclose that i represent cincinnati, ohio, were some of the allegations, apparently rogue employees, who were allegedly acting on their own, were originated. but my question, let me get --
when it began with this. the irs is privy to some of our citizens' most sensitive information and is tasked with applying the law with a fair and impartial way. you would agree with that. >> yes. >> however, the members of a tea party group in my district received a letter asking some pretty invasive questions, i believe. providing all their facebook and twitter information, for example, any of their advertising. they specifically mentioned a gentleman by the name of justin thomas,comics -- benik just ordinary citizens who did not have any connections with that particular organization, that receive this inquiry from the irs. he also got no notification in the matter at all. they also got questions about providing a list of the issues that were important to the organization. they wanted to know what their position was regarding each
issue. i am very concerned about the irs admitting targeting conservative groups and this overly invasive line of questioning and requests for information. it is really, i believe, more like harassment rather than an appropriate inquiry. now, the attorney general announced on may 14 that he had ordered an investigation by the fbi. has the fbi begun that investigation now? >> yes. >> i assume you cannot go into the details because it is an ongoing investigation. >> correct. >> now, the irs commissioner, steven miller, initially blamed these actions on two rogue employees way out in the cincinnati office. so how could we possibly know anything about that in washington, basically. he acted like nobody in this
city knew anything about it or was connected in any way with it. that has become pretty clear at this point that the irs in washington was involved in this. i would like to read a couple of things here relative to a woman he was one of the cincinnati employees and some of the things she has indicated on the record. she said, the tea party cases, the patriot cases, those types of organizations questioned by the irs, they were basically in a holding pattern of their applications. she indicated that they were basically in a black hole. she had been working on for 11 years at the irs, she said the way the irs handled the tea party to cases was unprecedented. which i think is pretty significant. she says it was micromanaged to
death by an irs lawyer who worked in washington. again, no washington connection, of course. but that is where this irs lawyer was -- here in washington, d.c. back in july 2010, the irs developed what was called a bolo list. it stands for be on the lookout. it instructed -- >> i knew it in the law enforcement context. >> it was used in that context to send applications from organizations involved with the tea party movement. she told congressional investigators she understood the purpose of the list was to target conservative and republican groups. other political groups did not get handled the same way according to her.
a "usa today" review of tax exemptions shows dozens of liberal groups got exemptions and tea party groups were on hold. subsequently, there was another bolo criteria that came down from d.c. talking about including groups whose issues include government spending, government debt and taxes, and if you are critical of the country or the direction that it is going or the way it is being run. again, a lot of these sat in limbo for 27 months. will all these matters be investigated by the fbi, no matter how high up they go? >> i can specifically assert they will to the extent there is any criminal misconduct we will follow the leads and the evidence wherever it takes us. >> thank you. >> the chair recognizes the gentleman from north carolina for five minutes.
>> thank you, mr. chairman. thank you, director mueller, for your service. i think you have raised the standards very high. i appreciate that. i want to follow-up on any response you made to a question mr. conyers gave you. you used the phrase you thought the american people were concerned about to what end the programs, these two programs, are being used. and i think that is absolutely the case. i think that was the case when we were debating the patriot act and the reauthorization of the. and the concerns that a number of us were raising at that time. to what end would these programs be used? congressman scott has questioned you about some of those ends.
what i would like to do is frame this based on what you mentioned in your opening statement. you talk about terrorism, national security, cybersecurity, and you talked about criminal activity in your description of cybersecurity. you said that required a public- private interaction. in all these things, they have become more global, i take it. all four of those categories have become more global. so the question i'm raising is, is there a distinction between terrorism, the purposes for which information can be used in these programs for terrorism
purposes -- that is why the statutes were put in place. is there a distinction between terrorism and national security? >> i think terrorism as defined as a threat to national security. in and of itself. >> does national security include, or does national security include some things outside of terrorism? >> terrorism is a separate category. you have individuals. one of the concerns we have in the future -- >> what about trade as a matter of national security? >> i can tell you, one hypothetical is a terrorist
attack, a cyber terrorist attack on wall street. that is trade. if we disrupt that, that is a matter of national security. >> i think you were right. the public's concern here is what is the overlap between these four categories, and to what extent can this information that is being gathered be used for things that are in the gray area here? i was uncomfortable that we got so preoccupied with terrorism that we compromised, i thought, personal liberties. but i assumed we got comfortable with that after 9/11. what if you found something in this information, that is gathered, under these two
programs, that related more to criminal activity? serious criminal activity. the question is, can that be used, anything you find in these phone dragnets, can it be used in a criminal investigation if you decide that it's not terrorist related necessarily, but could be national security related or cybersecurity related? what is the dividing line between the use of these things other than an individual agent's discretion, or whatever an individual agent represents in a affidavit to the court? >> let me start by the use of
the word dragnet. >> i did not intend to use it either. i apologize. data gathering. >> data gathering, not content, the statute is fairly specific and it is attributable to terrorism. the traditional, what one would understand to be terrorism, al qaeda and its like and other terrorist groups that are specifically mentioned. as i tried to point out before, this program is set up for a very limited purpose in a limited objective. that is to identify individuals in the united states using a telephone for terrorist activities. >> is cyber terrorism? >> it can be. but not as distinguished.
i do not believe it would be covered in this particular statute. i tried to leave out the possibility that if there were a piece of evidence that was applicable to a homicide or substantial, the only way for that piece to be utilized would be to go back to the court and get the approval of the court to utilize this information in a way that was not covered in the original order. >> the time of the gentleman has expired. the gentleman from alabama, mr. bacchus, for five minutes. >> dr. mueller, i want to commend you on your service to our country. let me ask you. i have been reading about the james rosen case. i find a great deal of confusion over what the justice department and the fbi have done, and what they have not done.
you are familiar with the search warrant and the affidavit in that particular case. >> no, i am not that familiar. >> are you familiar with, at the time the search warrant was issued, stephen kim had already been identified as the leaker of the information. you are aware of that? >> i am not aware of the timing. this was three years ago. >> in 2010, he had already been identified. if you read the affidavit, clearly he had been identified as the leaker. i know that attorney general holder said he did not know of a prosecution or was not party to a prosecution.
if you read the search warrant, i know it talks about mr. rosen as perhaps being an aider or abettor or co-conspirator. if you read the affidavit, he was clearly encouraging steve kim to leak classified information. he was concealing his identity and telling kim to conceal his identity. now, also, according to this affidavit, and i take this as being true -- i know of nothing in this affidavit that has been disproved. this disclosure threatened our national security, clearly, and probably or could have cost the life of an intelligence source in north korea because -- i am not even sure if the person is still alive. now, assuming that what i say, assuming the affidavit is correct and james rosen was
doing this daily contact with kim, i know that there have been accusations that the privacy protection act was violated. but it says that it protects journalists from being impelled to turn it over to law enforcement any documented the materials, including sources, before the information contained in the materials is disseminated. it was disseminated a year before. i do not think that is valid. it also prevents investigators from searching newsrooms to uncover information or sources that a news organization has assembled. i do not think that applies in this case. i know of no search of any newsroom or any work product. but, it says there is no protection if there is probable
cause to believe the person possesses materials or has committed or is committing a crime to which the materials relate to, including receipt, possession, or communication of classified material. this affidavit contains 35 pages of very active recruiting of the state department employee, advising him, the reporter, to use a fake e-mail. the search warrant was to google. it has been said that they should take reasonable -- the government should take reasonable steps to obtain information through alternative sources or other means than the reporter. i would think google would be an alternative source. and there is a clear presumption
there is not now, but there is a presumption -- i would not ask you to read that affidavit. my point is simply, from reading the affidavit, i would think it is clearly within the right of the government to prosecute this reporter. >> i could tell you two things. one, i briefly reviewed the affidavit when the issue arose. i have -- i am somewhat familiar with it. the focus of our investigations are on the person within the government who is leaked the information. he is the focus of our investigation. given the issues that have been raised, it is appropriate to go back and look at the statute that was applied to the search warrant, and to the protocols that have been established in
our exercise of investigation ability when it comes to this tension between the first amendment on the one hand and -- >> watch more of this video or any other video online our c- span video library at www.c- span.org. representative loretta sanchez also talked about the national security agency's surveillance and data collection program. from "washington journal," this is about 45 minutes. host: we want to welcome back congresswoman loretta sanchez, a member of the intelligence subcommittee. you were at yesterday's briefing of the nsa is surveillance
program. what did you hear? guest: we had several i would say not upper level but people who were involved in the situation from various agencies, two or 3. i would say that the mood in the room was not a happy mood. and generally speaking when we go into these classified -- this was a classified meeting. some of us believe that people do this, they label them in such a way so that we cannot walk out and say what we heard. yesterday they talked about walking us through the program and came back with, you'll authorize this and you knew about. host: is that true?
guest: the answer is no, yes, the patriot act and the fisa act. these programs are legal. maybe people on the intelligence committee may have known more in detail about all of this going on. it is hard for a member to get the full picture of what is happening. you had democrats and republicans in the room and that was a group of very angry people. host: what types of questions were members asking? guest: how did this happen? how did we not know about it? this was so important. you had access.
we did not have access to top- secret type of information. not all congress people have the same access. i sit on armed services. i push it to get information. when i get information on programs, i have to go into a room. it is time consuming. you have to schedule it. you have to schedule people from the outside to be there. i does this as part of my living. someone on transportation or the education committee, many times they do not have an idea of what is going on and they are relying on us. i think that tactically there